[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IPsec vs ssh
On Nov 12, 12:28pm, Darren Reed wrote:
} On 12/11/2013 7:48 AM, John Nemeth wrote:
} > } > } > Also, just encrypting icmp is next to useless.
} > } > }
} > } > } Encrypting only icmp is perfect for testing until the configuration
} > } > } is correct and properly operationalised.
} > } >
} > } > True enough. Does the tunnel come up and work? Can you ping
} > } > both directions through the tunnel?
} > }
} > } Almost.
} > Then this is the real problem: you don't have a viable tunnel.
} > You might want to use "setkey -D" and/or "setkey -D -P" to
} > see what the kernel is seeing.
} Why do I need a tunnel?
A tunnel is basically encapsulation of any sort. So, when you
encapsulate any of kind of packet with an IPSec (ESP) wrapper, you
have essentially created a tunnel.
}-- End of excerpt from Darren Reed
Main Index |
Thread Index |