IP SEC & Red Hat Enterprise Linux ES release 2.1 1

[iclarke]

There seems to be a ipsec-tools package provided for later versions of Redhat ES. Is there a version for 2.1? Is this differnet for the freeswan ipsec and if so which is the better option to take?

Can you tell me how safe the kernal patching process is to link KLIPS statically into the kernel? I have no facility for testing and will have to make the patch on the production server.

Any advice or product recommendations would be much appreciate

Many Thanks

Ian

 

[thedaver]

FreeSWAN is dead isn't it?
There are other tools that provide good VPN without kernel patches.

OpenVPN for one...

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[iclarke]

Thanks for the pointer. I will investigate further. Do you happen to know if a site to site vpn can be configure through a Checkpoint Firewall-1 firewall using OpenVPN?

 

[thedaver]

As far as I'm aware, OpenVPN relies upon there being a permitted end-to-end TCP/UDP port path open between the two end points.

So if your firewall permits a specific TCP or UDP/PORT to at least go outbound, then you can create the VPN - assuming that the firewall allows established connections back in.

Typically on a linux/IPTables firewall, I open up the needed port and then tell the endpoints on OpenVPN to start chatting.

OpenVPN even supports 1 or 2 dynamic IP endpoints, though I've never tried it with more than one dynamic endpoint. Makes getting back into homebase easy when you're travelling with your laptop.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/