Michael Grimm wrote: [dd]
>
> Then this mail made my day:
>
> >> What do I need?
> >> #) a VPN tunnel between two hosts
> >> #) both local networks reachable from the remote host
> >
> > That is what kernel IPSec is for, you can even do it on static keys
> > without any ISAKMP daemon like racoon. See an example in if_ipsec(4).
>
> I did install my IPSEC/racoon tunnel many years ago and missed the recent
> implementation of if_ipsec completely.
>
> Victor, thank you very, very much for pointing me to this interface.
> Now, my tunnel is far less complicated to implement[1], and I will no
> longer need security/ipsec-tools at all!

You are welcome. But maybe one day you'll want to change your IPSec keys
more often than in a manual setup, then you'll return to some ISAKMP
implementation.

I've been trying out strongswan for the last 2-3 days and must admit it's
not that scary when you grasp the concept. But it is not without its
problems either, see my other post about it.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/