Re: VPN using IPSec over PPPoE

From: Daniel Rudy (dcrudy_at_invalid.pacbell.nospam.net.0123456789)
Date: 04/11/04


Date: Sun, 11 Apr 2004 03:54:18 GMT

And somewhere around the time of 04/10/2004 03:03, the world stopped and
listened as jpd contributed the following to humanity:

> On 2004-04-10, Daniel Rudy
> <dcrudy@invalid.pacbell.nospam.net.0123456789> wrote:
>
>>And somewhere around the time of 04/10/2004 00:04, the world stopped and
>>listened as jpd contributed the following to humanity:
>>
>>>So you already have PPPoE running. Try and set up IPsec right away.
>>
>>Right. I've been looking at it and have been modifying the kernel
>>config file for a recompile.
>
>
> You don't need to do that. You need netgraph and a couple of ng_* modules
> (although you are free to compile them in anyway) and ppp(8). And some
> configuration, of course.
>

Actually, that part is already set up and compiled in as it has been
working ok for months now. What I was talking about was compiling in
IPSec support into the kernel, which I have already done.

>
> [snip]
>
>>>IPsec is just another protocol on top of IP, but if the ISP doesn't allow
>>>those to go through (sue! sue!) you can set up an ip-in-udp-on-ip tunnel
>>>or something like that to work around it.
>>
>>My ADSL is the "expert package" service where I have the 6 megabit pipe.
>
>
> I see you've got some homework to do. <evil grin>
>

Not really, I see what I need to do now. But what's going to be fun is
getting it to work with OpenSSL authentication. So far I've learned how
to become my own Certificate Authority, learned to make and sign
certificates, etc. I'm still researching that part of it.

>> So IPSec is on top of IP? Is it an actual protocol like TCP, UDP, and
>>ICMP?
>
>
> $ grep -e esp -e ah /etc/protocols
> esp 50 ESP # encapsulating security payload
> ah 51 AH # authentication header
> $
>
> Yes, it is.
>

That's what I wasn't sure about. Now I have to go talk to the ISP.

>
>
>> As for the ISP, they basically don't care what I do as long as 1
>>- I don't cause a problem on their network, and 2 - they don't get any
>>complaints. But I'm going to have to call them to see what protocols
>>they allow on their network transport. As I understand it, they are
>>just providing a pipe.
>
>
> Then you should be all set. Don't worry about the PPPoE slip-in layer,
> once you've got that working. That is, it should carry ppp just fine,
> and ppp usually carries ``clean'' IP, so that _should_ be no problem.
>
>

Hey, thanks for your help in pointing me in the right direction. I
really do appreciate it.

Later.

-- 
Daniel Rudy
Remove nospam, invalid, and 0123456789 to reply.
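
An added example, not part of the original posts: the thread's point that ESP (50) and AH (51) are IP protocols in their own right, shown by reading the protocol field of an IPv4 header and, for ESP/AH, the SPI and sequence number. Run over packets captured at the far end, it tells you whether the ISP passed them. The function names are hypothetical and the sample packets are constructed, using documentation addresses.

```python
import struct

# IP protocol numbers from the /etc/protocols lines quoted in the thread.
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}
OTHER_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def classify_ipv4(packet: bytes) -> dict:
    """Name the protocol an IPv4 packet carries; for ESP/AH also return SPI and sequence."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    proto = packet[9]  # the field the /etc/protocols numbers refer to
    payload = packet[ihl:]
    name = IPSEC_PROTOCOLS.get(proto) or OTHER_PROTOCOLS.get(proto, "other")
    info = {"proto": proto, "name": name, "ipsec": proto in IPSEC_PROTOCOLS,
            "spi": None, "seq": None}
    if proto == 50 and len(payload) >= 8:
        # ESP header: 32-bit SPI, then 32-bit sequence number.
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
    elif proto == 51 and len(payload) >= 12:
        # AH header: next header, length, reserved (2 bytes), SPI, sequence number.
        info["spi"], info["seq"] = struct.unpack("!II", payload[4:12])
    return info


def ipsec_seen(packets) -> set:
    """Which IPsec protocols appear in a capture (empty set: none arrived)."""
    return {c["name"] for c in map(classify_ipv4, packets) if c["ipsec"]}


def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed test packet: 20-byte header, documentation addresses, checksum 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload


# Constructed samples, not real traffic.
ESP_SAMPLE = build_ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(16))
AH_SAMPLE = build_ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x2000, 7) + bytes(12))
UDP_SAMPLE = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))

if __name__ == "__main__":
    for pkt in (ESP_SAMPLE, AH_SAMPLE, UDP_SAMPLE):
        print(classify_ipv4(pkt))
```

A tunnel that wraps IPsec in UDP shows up here as protocol 17, not 50 or 51, which is why it gets past a filter that only admits TCP, UDP and ICMP.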

