tech-net archive


Re: IPsec vs ssh



On Mon, Nov 11, 2013 at 05:40:44PM -0800, John Nemeth wrote:
> On Nov 12, 12:28pm, Darren Reed wrote:
> } On 12/11/2013 7:48 AM, John Nemeth wrote:
> } ...
> } > } > } > Also, just encrypting icmp is next to useless.
> } > } > } 
> } > } > } Encrypting only icmp is perfect for testing until the configuration
> } > } > } is correct and properly operationalised.
> } > } > 
> } > } >      True enough.  Does the tunnel come up and work?  Can you ping
> } > } > both directions through the tunnel?
> } > } 
> } > } Almost.
> } > 
> } >      Then this is the real problem:  you don't have a viable tunnel.
> } > 
> } >      You might want to use "setkey -D" and/or "setkey -D -P" to
> } > see what the kernel is seeing.
> } 
> } Why do I need a tunnel?
> 
>     A tunnel is basically encapsulation of any sort.  So, when you

Wrong, wrong, wrong.  IPsec has separate tunnel and transport modes.

Thor

