Re: IPsec vs ssh

To: darrenr%netbsd.org@localhost, John Nemeth <jnemeth%cue.bc.ca@localhost>
Subject: Re: IPsec vs ssh
From: John Nemeth <jnemeth%cue.bc.ca@localhost>
Date: Mon, 11 Nov 2013 17:40:44 -0800

On Nov 12, 12:28pm, Darren Reed wrote:
} On 12/11/2013 7:48 AM, John Nemeth wrote:
} ...
} > } > } > Also, just encrypting icmp is next to useless.
} > } > } 
} > } > } Encrypting only icmp is perfect for testing until the configuration
} > } > } is correct and properly operationalised.
} > } > 
} > } >      True enough.  Does the tunnel come up and work?  Can you ping
} > } > both directions through the tunnel?
} > } 
} > } Almost.
} > 
} >      Then this is the real problem:  you don't have a viable tunnel.
} > 
} >      You might want to use "setkey -D" and/or "setkey -D -P" to
} > see what the kernel is seeing.
} 
} Why do I need a tunnel?

    A tunnel is basically encapsulation of any sort.  So, when you
encapsulate any of kind of packet with an IPSec (ESP) wrapper, you
have essentially created a tunnel.

}-- End of excerpt from Darren Reed

Follow-Ups:
- Re: IPsec vs ssh
  - From: Thor Lancelot Simon
- Re: IPsec vs ssh
  - From: Darren Reed

References:
- Re: IPsec vs ssh
  - From: Darren Reed

Prev by Date: Re: IPsec vs ssh
Next by Date: Re: IPsec vs ssh
Previous by Thread: Re: IPsec vs ssh
Next by Thread: Re: IPsec vs ssh
Indexes:

Home | Main Index | Thread Index | Old Index