Re: Alternatives for IPSec?

[Saad Kadhi <bsdguy@docisland.org>]

On Fri, 2002-02-01 at 13:54, Jyri Hovila wrote:
> Hi Cedric and others! 
> 
> >>I'm having a problem with one ISP who does not allow customers to use
> >>ESP protocol. Are there any alternatives to IPSec for creating VPN
> >>tunnels between two OpenBSD 3.0 gateways?
> 
> >For simple things, you can use SSH port redirection.
> 
> Unfortunately it doesn't work in this case. I need to connect two whole
> LAN's together.
Then what about ppp over tcp inside an ssh tunnel ? I've used it thrice
on different networks & it does work mate ! The idea is that one gateway
(gw1) will act as an SSH client + a PPP endpoint & the other (gw2) is
the SSH server + the other PPP endpoint. The required skills for this
are:
1. SSH port forwarding to forward the TCP port on which ppp will create
a "virtual network"
2. a good ol' rtfm of ppp manpage (explained there very nicely)*
3. routing setup on both LANs behind gw1 & gw2

Look in the archives. there has been a thread about this 2/3 months bef4
if my brain is working properly.

HTH

> 
> >Now if you are a C programmer and want to pass ESP packet through
> >your ISP, you can easily write a small daemon that encapsulate ESP
> packet s
> >in UDP packets. It's a one-day development!
> >Cedric
> 
> I'm afraid I'm not too familiar with C. With my skills it's more like a
> six-months development... =) But if there was anything like this
> available, it would be just what I need.
> 
> Thanks again!
> 
> Yours,
> 
> Jyri
> 
-- 
/Saad Kadhi --  [skadhi@ib-group.com] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
-- 
/Saad --  [bsdguy@docisland.org] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well