Re: Can I have DES / 3 DES VPN with IPtables Kernal kernel version 2. 4.20 with IPSEC installed


 



On Fri, Dec 19, 2003 at 07:18:38AM +0530, Laxmi_Narsaiah wrote:
> I am sorry, I am not clear... You mean to say this IPTABLES supports 3DES?

	IPTables itself has no use for 3DES.

	If you mean IPSec (FreeS/WAN), yes, FreeS/WAN supports 3DES.

	IPSec is provided by the FreeS/WAN package, not by IPTables.
But IPSec is an IP protocol (two actually) so it does get processed and
filtered by IPTables, yes.

	IPTables won't know anything about 3DES.  It will know about
AH (IP protocol 51) and ESP (IP protocol 50).  You can filter those in
IPTables.  But the VPN stuff itself will be managed by FreeS/WAN.

	IPTables is in the stock kernels.  FreeS/WAN is an add-on and
can add IPSec to the 2.4 kernels.  IPSec (the kernel level encryption
code) has been added to the 2.6 kernel and can be managed by the user-land
FreeS/WAN utilities.

	Mike

> -----Original Message-----
> From: John A. Sullivan III [mailto:john.sullivan@xxxxxxxxxxxxx]
> Sent: Thursday, December 18, 2003 8:25 PM
> To: Laxmi_Narsaiah
> Cc: 'netfilter@xxxxxxxxxxxxxxxxxxx'
> Subject: Re: Can I have DES / 3 DES VPN with IPtables Kernal kernel
> version 2. 4.20 with IPSEC installed
> 
> 
> On Thu, 2003-12-18 at 07:58, Laxmi_Narsaiah wrote:
> > Hi,
> > 
> > Can I have DES / 3 DES VPN with IPtables Kernal kernel version 2.4.20
> > with IPSEC installed, please let me know.
> > 
> <snip>
> 	We do this all the time with FreeS/WAN.  In fact, we are developing a
> GUI front end to manage combined firewall and VPN security for large,
> complex implementations.  You can find training slide shows on using
> iptables, FreeS/WAN, iproute2 and DHCP at http://iscs.sourceforge.net -
> Good luck
> -- 
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan@xxxxxxxxxxxxx
> ---
> If you are interested in helping to develop a GPL enterprise class
> VPN/Firewall/Security device management console, please visit
> http://iscs.sourceforge.net 
> ************************************************************************** 
> This email (including any attachments) is intended for the sole use of the
> intended recipient/s and may contain material that is CONFIDENTIAL AND
> PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
> distribution or forwarding of any or all of the contents in this message is
> STRICTLY PROHIBITED. If you are not the intended recipient, please contact
> the sender by email and delete all copies; your cooperation in this regard
> is appreciated.
> **************************************************************************

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
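
As an added illustration of the reply above (not part of the original message and not FreeS/WAN or netfilter project code): a script that prints, without applying, iptables rules admitting ESP (protocol 50) and AH (protocol 51) from one peer. The peer address, the interface name and the IKE rule on UDP port 500 are assumptions that do not appear in the thread.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for one IPsec peer.
# 192.0.2.10 is a documentation address and eth0 a constructed interface name.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print rules that accept IPsec traffic to and from a single peer.
# The match is on the IP protocol number only: iptables never sees whether
# the tunnel inside ESP uses DES, 3DES or anything else.
ipsec_rules() {
    peer=$1
    iface=$2
    valid_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    # Assumption: IKE key negotiation on UDP 500, then ESP (50) and AH (51).
    for spec in "udp --dport 500" "50" "51"; do
        echo "iptables -A INPUT -i $iface -s $peer -p $spec -j ACCEPT"
        echo "iptables -A OUTPUT -o $iface -d $peer -p $spec -j ACCEPT"
    done
    # ESP/AH arriving from any other source is dropped.
    echo "iptables -A INPUT -i $iface -p 50 -j DROP"
    echo "iptables -A INPUT -i $iface -p 51 -j DROP"
}

ipsec_rules 192.0.2.10 eth0
```

Review the printed rules before piping them to a root shell; the order matters because the per-peer ACCEPT lines must precede the DROP lines.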
