There is trivial security in GRE tunnels. Or possibly none at all.

If you make your GRE tunnel with the command "ip tunnel add $tun mode gre remote $remaddr local $localaddr key $key" (I believe that's the correct syntax), then your tunnel has a key. It's not an encryption key, it's an authentication key, and it's sent in cleartext, but it's a key. If you want security, wrap your GRE in IPSec or similar.

Bruce is Bruce Schneier, author of "Applied Cryptography" and "Secrets and Lies", head of Counterpane Internet Security (http://www.counterpane.com/), frequent speaker and general luminary on the topics of computer and internet security, encryption etc., and generally all around cool guy. Although you may not get much from e-mailing him directly (he's pretty busy), reading back issues of his newsletter (CryptoGram) is generally enlightening, and he's written some very good whitepapers on cryptography issues (I believe the original "mail Bruce" comment came about from a question on his paper on the weaknesses of the PPTP protocol).

-Joe

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
> Behalf Of Greg Scott
> Sent: Friday, January 11, 2002 9:22 AM
> To: 'Michael T. Babcock'
> Cc: 'LARTC List'
> Subject: RE: [LARTC] Gre Tunneling Problem
>
>
> Does anybody know how security works in Linux GRE tunnels? (It's not
> in the HOWTO.) And who is Bruce anyway?
>
> - Greg
>
>
> -----Original Message-----
> From: Greg Scott
> Sent: Wednesday, January 09, 2002 1:40 PM
> To: 'Michael T. Babcock'
> Cc: LARTC List
> Subject: RE: [LARTC] Gre Tunneling Problem
>
>
> Who is Bruce?
>
> geez, I'm an idiot! That GRE tunneling stuff is in chapter 5 of the
> advanced routing HOWTO! But who is Bruce?
>
> - Greg
>
>
>
> -----Original Message-----
> From: Michael T. Babcock [mailto:mbabcock@fibrespeed.net]
> Sent: Wednesday, January 09, 2002 12:44 PM
> To: Greg Scott
> Cc: LARTC List
> Subject: Re: [LARTC] Gre Tunneling Problem
>
>
> On Wed, Jan 09, 2002 at 12:28:12PM -0600, Greg Scott wrote:
> > That paper (great work!) tells about the Microsoft PPTP problems.
> >
> > But what about the Linux GRE tunnel documented in the HOWTO? Does
> > it have the same implementation problems?
>
> I have no idea ;-)
>
> You could E-mail Bruce and ask though ;-)
> --
> Michael T. Babcock
> CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
> http://www.fibrespeed.net/~mbabcock/
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
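
The point made in the reply above, that the GRE key travels in cleartext and GRE itself encrypts nothing, as an added example that is not part of the original thread: a parser for the version-0 GRE header (RFC 2784 / RFC 2890) run over a constructed keyed packet. The key value 1234, the payload bytes and the function names are assumptions made for illustration.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784, RFC 2890; R is from RFC 1701)
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000

def build_gre(key: int, inner: bytes, proto: int = 0x0800) -> bytes:
    """Build a keyed GRE packet: K flag set, protocol type, then the 32-bit key."""
    return struct.pack("!HHI", GRE_K, proto, key) + inner

def parse_gre(buf: bytes) -> dict:
    """Parse a version-0 GRE header; needs no secret of any kind."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags & GRE_R:
        raise ValueError("RFC 1701 source routing is not handled here")
    # Optional fields appear in this fixed order, each 4 bytes wide.
    size = 4 + 4 * sum(bool(flags & bit) for bit in (GRE_C, GRE_K, GRE_S))
    if len(buf) < size:
        raise ValueError("truncated GRE optional fields")
    out = {"proto": proto, "checksum": None, "key": None, "seq": None}
    off = 4
    if flags & GRE_C:   # 16-bit checksum followed by 16 reserved bits
        out["checksum"] = struct.unpack_from("!H", buf, off)[0]
        off += 4
    if flags & GRE_K:   # 32-bit key, carried as-is in every packet
        out["key"] = struct.unpack_from("!I", buf, off)[0]
        off += 4
    if flags & GRE_S:   # 32-bit sequence number
        out["seq"] = struct.unpack_from("!I", buf, off)[0]
        off += 4
    out["payload"] = buf[off:]  # inner packet, not encrypted by GRE
    return out

# Constructed sample: key 1234 and a stand-in for the inner packet bytes.
SAMPLE = build_gre(1234, b"inner packet bytes (constructed)")

if __name__ == "__main__":
    seen = parse_gre(SAMPLE)
    print("key on the wire:", seen["key"])
    print("payload on the wire:", seen["payload"])
```

Anything that can see the packet can read both the key and the inner payload, which is why the reply recommends wrapping GRE in IPSec or similar.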