[Openswan Users] FreeSWAN, Wireless Windows 98/ME/2K/XP RoadWarriors, DHCP over IPsec - overview

John A. Sullivan III john.sullivan at nexusmgmt.com
Tue Jun 8 17:19:24 CEST 2004


I'm sorry but I missed the initial e-mail for this thread.  What is your
ultimate goal, Jeannot? Are you looking for an immediate solution or are
you designing a product? I ask for two reasons.

First, one of the early extensions we have planned for the ISCS project
(http://iscs.sourceforge.net) is a wireless gateway.  The idea is that
one can allow wireless users to access any part of the WAN with their
access control based upon any of a number of forms of extended
authentication, i.e., not only IP address but X.509 certificate fields
furnished via SSL or IPSec, Active Directory, NDS, LDAP, SecurID
tokens, RADIUS.  If a cracker cracks their way into connecting to the
AP, they still can't go anywhere unless they can furnish such extended
authentication.  Conversely, when the wandering CEO fires up their
wireless laptop in a remote office and calls screaming at the IT
department because they forgot to tell IT about needing a particular
access, IT can alter the configuration of both the end point where the
CEO is and the other end point where the needed Resource is, safely,
with minimal exposure to human error and in a matter of seconds.  ISCS
is designed to handle thousands and perhaps tens of thousands of AP's
from a centralized distribution point.  Since it is a three-tiered
solution (Policy Manager, Distribution Point, Policy Enforcement Point
(AP)), the changes can be made through concurrent administrators located
anywhere.  So, if your need is more long term and a part of product
development, you may find ISCS very helpful.

The second reason is that we have done a great deal of successful work
with DHCP-over-IPSec and internal Roadwarriors.  We call the latter our
GNOC configuration since, to protect our clients, all access from our
GNOC's to our client sites is supposed to pass from our desktops to the
gateway in encrypted form.  Thus, all the users on the inside of the
gateway use IPSec clients.  We have posted our configurations (including
the GNOC configuration) and slide shows for the setup in the training
section of the ISCS home page (http://iscs.sourceforge.net).  I hope you
find it helpful - John

On Tue, 2004-06-08 at 15:44, Jeannot Langlois wrote:
> Hi Trevor,
> 
> 
> First, thanks for your help.  I really appreciate your time helping me out.
-- 
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevelopmentcorp.com


