RE: [suse-security] sshd keep alive
I have not done ipsec tunnels in linux since my one and only attempt at freeswan proved to be a whole 24 hours of frustration however I have run it very easily in steps taking about 15 minutes with FreeBSD. I assumed that by now freeswan should be useable and easy to setup since about 3 years have passed since my abortive attempt at setting it up. Noah.
-----Original Message----- From: Geoffrey [mailto:esoteric@3times25.net] Sent: 29 April 2004 13:13 To: suse-security@suse.com Subject: Re: [suse-security] sshd keep alive
sematin@mtn.co.ug wrote:
Unless you have a specific need for ssh tunnels, you could simply setup a VPN tunnel between your host and the server using ipsec and thus ALL your connections to the server go through that secure tunnel. You don't need keepalives for that.
I'm looking for enlightenment here. Personal experience seems to indicate that ssh is a lot easier to set up then a vpn, freeswan being the only solution I've tried, and know of that works on Linux. So, ssh is the way I normally approach this problem. I can get ssh up an running from install, whereas freeswan is an effort measured in hours and frustration.
Are there other solutions?
-- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I have not done ipsec tunnels in linux since my one and only attempt at freeswan proved to be a whole 24 hours of frustration however I have run it very easily in steps taking about 15 minutes with FreeBSD. I assumed that by now freeswan should be useable and easy to setup since about 3 years have passed since my abortive attempt at setting it up.
That's true. I'd long run first time due to a NATing firewall between endpoints. But this is all history. There is an special version of freeswan the is full-blown and fully patched. Try this one [1]. Keep in mind that with kernel 2.6 the ipsec implementation has changed and is not longer freeswan based [2]. [1]http://www.freeswan.ca/code/super-freeswan/ [2]http://www.ipsec-howto.org/x237.html the bob -- http://www.hs-pongratz.de
participants (2)
-
Paranoiac_User
-
sematin@mtn.co.ug