i wonder if this scenario is possible and what possible configuration there
is that could provide it:
let's say you're in a building and you're paranoid that anyone can walk in and
plug a machine into the ethernet and start sniffing around on the network.
(tbh, i believe this is the unsafest part of any internal network)
so can ipsec provide the following:
+---------------------+
| SSH Sentinel Client |-------+                     LOCKED ROOM
+---------------------+       |
                              |
+---------------------+       |      +----------+       +-------------+
| SSH Sentinel Client |-------+------| freeswan |---+---| PDC, DHCPD, |
+---------------------+       |      +----------+   |   | EMAIL, ETC  |
                              |                     |   +-------------+
+---------------------+       |                     |
| SSH Sentinel Client |-------+                 Internet
+---------------------+       |                Connection
                              |
+---------------------+       |
| Stranger to your    |-------+
| network             |
+---------------------+
In this scenario, you could actually share the same bit of ethernet with
other companies, strangers that are trying to sniff your traffic, etc - and
they can't see anything unencrypted without the ipsec tunnel.
The problem that i see is that the left and right config of freeswan is all
part of the same network. e.g. left is 192.168.0.0/24 and so is the right
hand side.
Indeed, several companies could share this scenario by having different
locked server rooms and just having different subnets 192.168.0.1/24,
192.168.0.2/24, etc but sharing the same building and the same ethernet.
Any help gratefully appreciated,
Wilf
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:59 CEST
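
Added example, not part of the original post and not FreeS/WAN code: a small check that reads the conn sections of an ipsec.conf and reports any connection whose leftsubnet and rightsubnet overlap, which is the situation the post describes. The conn names and addresses in the sample are constructed for illustration.

```python
import ipaddress

# Constructed FreeS/WAN-style ipsec.conf fragment (not from the post).
# "shared-lan" mirrors the poster's worry: both ends in 192.168.0.0/24.
SAMPLE_CONF = """\
conn shared-lan
    left=192.168.0.254
    leftsubnet=192.168.0.0/24
    right=192.168.0.10
    rightsubnet=192.168.0.0/24

conn branch
    left=192.168.0.254
    leftsubnet=192.168.0.0/24
    right=10.1.1.1
    rightsubnet=10.1.1.0/24
"""

def net(text):
    """Parse a CIDR string, masking off host bits (192.168.0.1/24 -> 192.168.0.0/24)."""
    return ipaddress.ip_network(text.strip(), strict=False)

def parse_conns(conf_text):
    """Return {conn_name: {key: value}} for the 'conn' sections of an ipsec.conf."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def overlapping_conns(conf_text):
    """List (name, leftsubnet, rightsubnet) where the two protected subnets overlap."""
    hits = []
    for name, opts in parse_conns(conf_text).items():
        if "leftsubnet" in opts and "rightsubnet" in opts:
            left, right = net(opts["leftsubnet"]), net(opts["rightsubnet"])
            if left.version == right.version and left.overlaps(right):
                hits.append((name, str(left), str(right)))
    return hits
```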