On Tue, 12 Aug 2003, Victor Berdin wrote:
> Hi,
> There's no such thing as *MINIMAL*. This depends entirely on your
> connection requirements.
With respect to FreeS/WAN, the connection requirements are an Ethernet
connection for out-of-band data like keys. The actual data streams use
a bunch of 2.5 Gbit fiber optic interfaces. What I was really asking
was, since I'm not using FreeS/WAN to create tunnels, is there anything
I can get rid of?
> > 2) How do I get access to keys I'll need to pass to
> > my hardware?
>
> You will have to create/read them (from DNS/etc). The docs/howtos
> are your friends.
I agree about the docs. Thus far they still look more like a refresher
course than they do "Intro to IPSec". I'll need to modify the code so
it can dump the keys into my hardware directly.
> > 3) The docs for rev 2.01 say you need BIND v9. Is this
> > anywhere on the network or on the local box? Lots of
> > embedded systems don't run bind.
>
> Most definitely! DJB's 'tinydns' perhaps. Once more, the docs/howtos
> are a good place to start.
From this I gather it means I need DNS on my box.
> > 4) Do you need a config file entry for each host involved
> > in key exchange.
> Again, the config depends entirely on the type of connection you'd
> like to implement. Read the docs first, then try implementing/doing
> actual connections/tunnels, then post on the list if you stumble
> across connection problems.
The config will have some boxes in the same room, some in the same
complex of buildings and some scattered around the country. I suppose
there will be firewalls and NAT in between. I think what is going to
make the most sense is to install it on an existing host on the network.
At least I'll have a fighting chance if I know one side of the setup is
working. I've read through the configuration stuff in the docs enough
times now that some of it is starting to stick.
--
Joel Coltoff
... if you take cranberries and stew them like applesauce, they taste
much more like prunes than rhubarb does.
-- Groucho Marx (Animal Crackers)
_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr