[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec on 2.4.2/IPv4
- To: Miki Shapiro <aris(at-nospam)pharoe.com>
- Subject: Re: IPSec on 2.4.2/IPv4
- From: Ilya Konstantinov <linux-il(at-nospam)future.galanet.net>
- Date: Sun, 20 May 2001 13:15:02 +0300
- Cc: Happy Linux Campers <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <Pine.LNX.4.21.0105201255001.27965-100000@pharoe.com>; from aris@pharoe.com on Sun, May 20, 2001 at 12:59:43PM +0300
- References: <Pine.LNX.4.21.0105201255001.27965-100000@pharoe.com>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.2.4i
On Sun, May 20, 2001 at 12:59:43PM +0300, Miki Shapiro wrote:
> Another Q:
>
> I want my box to suggest (yet not require) IPSec over my IPv4 connection,
> especially for incoming sessions.
AFAIK, there isn't such thing as "suggesting". Using IPSec is basically
establishing a VPN tunnel with you (and possibly with your whole
subnet, if you wish to expose it). First, the hosts handshake and
exchange keys on port 500, then they can talk. For now, establishing
such a connection is a thing one does on purpose -- the kernel doesn't
automagically check if the other host has IPSec open.
> I have a custom-tailored 2.4.2 as it is, and I didn't find IPSec support
> in the config menu. I either missed something or...
No, IPSec isn't merged in, but is available from a project called
FreeS/WAN. http://www.freeswan.org
> Can anyone point it out to me?
> (I also really hope it's available as a module, I don't want to reset my
> uptime ... :-))
I'm afraid you'll need to patch the kernel and restart.
--
Best regards,
Ilya Konstantinov
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il