Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jeb Campbell on December 09, 2000, 06:43:11 PM
-
Just made a rpm of freeswan 1.8 with kernel 2.2.16-3 for e-smith 4.0 or 4.0.1. Included are all the steps that tripped me up. ipsec.o is a module.
Works great with dyndns also.
Charlie or Ken, could I host it on your server? 1.8 megs would kill my modem. (I could also do a 4.1 when it is released).
I also would like to write a how-to if that's ok, and take people through it step by step -- it's easy looking back on it, just lots of little things to get you caught.
PLS email me if that would be ok (jebc@utk.edu), but I'm going to get some sleep now, this took all night.
-
Call me stupid but what is freeswan?
-
www.freeswan.org -- it's an implementation of ipsec for linux,bsd, etc. This lets you do vpn's such as subnet-to-subnet, or host-to-subnet. This latest one supports rsa authentication, 3des encryption on the data, adjustable key life, multiple tunnels, and data compression between the tunnels.
My setup for a company (and between some of my friends) is as follows. 2048 bits keys on each server for authentication, 3des encryption, 2 hour key life (if someone cracks your key, the most info they can get is 2 hours worth, but you can adjust this), subnet to subnet, and compression.
Basically lets my private 192.168.2.0/24 subnet and another (or as many as you want) like 192.168.0.0./24 be connected securely, it really is great -- you can do anythin over the tunnel like samba or X11 forwarding -- and it's secure. Feel free to ask any more questions about what it can do, or if I haven't explained it well, just say so.
-
Goto linux.made-to-order.net and click on download on the left menu and the rpm is at the bottom of the page. Don't forget to goto topics/e-smith and the first one is the freeswan on e-smith how-to, which you should read before installing.
-
actual url for the how to is
http://linux.made-to-order.net/article.php&mode=thread&order=0
-
Does this support people connecting via the internet on
Win98SE clients?
Does it support MS-Compatable encryption/compression?
(ideally we would like to allow home workers to connect to our network via the internet)
-
Jeb Campbell wrote:
> Just made a rpm of freeswan 1.8 with kernel 2.2.16-3 for
> e-smith 4.0 or 4.0.1. Included are all the steps that tripped
> me up. ipsec.o is a module.
>
> Works great with dyndns also.
>
> Charlie or Ken, could I host it on your server? 1.8 megs would
> kill my modem. (I could also do a 4.1 when it is released).
> [...]
e-smith provides hosting for any e-smith related developments.
Please contact me privately and we'll arrange to make it available.
I note that Tim Litwiller has also generously offered to host this,
but I think it would also be useful to have your work directly on
e-smith.org
Gordon
-
I agree, and you know where to get the files to put them there.
Once they are there let me know and I will point the link there instead.
Thanks
Tim Litwiller
-
Tim Litwiller wrote:
> I agree, and you know where to get the files to put them there.
>
> Once they are there let me know and I will point the link there
> instead.
Thanks Tim.
The RPMs, including the SRPM, are now up on ftp.e-smith.org
ftp://ftp.e-smith.com/pub/e-smith/contrib/RPMindex/RPMS/i386/freeswan-1.8-es1.i386.html
The README is available in both the SRPMS and RPMS/i386 directories
The announcement will be up soonish as well.
Gordon