[Openswan Users] Success with broadcast through GRE

Paul Wouters paul at xelerance.com
Sat Oct 8 00:11:42 CEST 2005


On Fri, 7 Oct 2005, Michael Jurney wrote:

> In a traceroute it would look like one hop, no matter how many hops the GRE 
> tunnel traverses.

It is supposed to look like that.

> The ipsec tunnel isn't connecting private IP space - It's connecting 1.2.3.4 
> and 6.7.8.9.  That's why encryption and transit are independent in this 
> configuration.  If GRE is up, the networks can see each other.  If ipsec is 
> up, all traffic between the two gateways is encrypted.  Either can function 
> without the other.

You are breaking the inbuilt security of ipsec. IPsec was designed to NOT
leak out clear text packets when for some reason, encryption would fail.
How do you describe the security of your link now anyway? Is it safe for
Windows users to log on? Is FTP/POP safe? Your answer now seems to me "most
of the time", which from a security point of view means it only takes
time before security is compromised.

Paul
-- 

"Happiness is never grand"

 	--- Mustapha Mond, World Controller (Brave New World)
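
An added example, not part of the original thread: one way to check whether the setup discussed above is sending cleartext GRE between the two gateways, by classifying `tcpdump -n` style lines as ESP-protected or plain GRE. The sample lines and the inner 10.x addresses are constructed for illustration; only the gateway addresses 1.2.3.4 and 6.7.8.9 come from the message.

```python
import re

# Gateway addresses as written in the quoted message.
GATEWAYS = {"1.2.3.4", "6.7.8.9"}

# Constructed sample in `tcpdump -n` style (not a capture from the thread).
SAMPLE = """\
00:11:40.100000 IP 1.2.3.4 > 6.7.8.9: ESP(spi=0x1a2b3c4d,seq=0x21), length 132
00:11:40.200000 IP 6.7.8.9 > 1.2.3.4: ESP(spi=0x5e6f7a8b,seq=0x1f), length 132
00:11:41.300000 IP 1.2.3.4 > 6.7.8.9: GREv0, length 96: IP 10.0.1.5.138 > 10.0.2.255.138: UDP, length 64
00:11:41.400000 IP 6.7.8.9 > 1.2.3.4: GREv0, length 72: IP 10.0.2.9.110 > 10.0.1.5.40022: Flags [P.], length 20
00:11:42.500000 IP 1.2.3.4 > 6.7.8.9: ESP(spi=0x1a2b3c4d,seq=0x22), length 132
00:11:42.600000 IP 1.2.3.4 > 192.0.2.7: GREv0, length 60: IP 10.0.1.5 > 10.9.9.9: ICMP echo request, length 32
"""

LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<rest>.*)$")


def audit(text):
    """Return (protected_count, leaks) for traffic between the two gateways.

    A leak is a packet whose outer header is plain GRE (IP protocol 47)
    instead of ESP, so the inner packet is readable on the wire.
    """
    protected, leaks = 0, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or {m["src"], m["dst"]} != GATEWAYS:
            continue  # not gateway-to-gateway traffic, out of scope here
        rest = m["rest"]
        if rest.startswith("ESP("):
            protected += 1
        elif rest.startswith("GRE"):
            # Keep the decoded inner packet so the report shows what leaked.
            inner = rest.split(": ", 1)[1] if ": " in rest else ""
            leaks.append((m["ts"], m["src"], m["dst"], inner))
    return protected, leaks


if __name__ == "__main__":
    ok, leaked = audit(SAMPLE)
    print(f"ESP-protected packets: {ok}, cleartext GRE packets: {len(leaked)}")
    for ts, src, dst, inner in leaked:
        print(f"  {ts} {src} -> {dst} cleartext inner: {inner}")
```
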

