[Openswan Users] DNSSEC opportunistic encryption: just a beautiful dream?
Niccolò Belli
darkbasic at linuxsystems.it
Sun Mar 11 12:38:38 EDT 2012
On 11/03/2012 17:22, Paul Wouters wrote:
> yum install dnssec-trigger
>
> https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations
Unfortunately I don't use Fedora and my intention is to put openswan
directly in the gateway, not in the single clients.
All clients do already use a local validating resolver (bind), but I
really don't know how to do the following steps:
> 4) if received, unbound runs an ipsec whack command that pushes the
> IP from the A/AAAA record with the IPSECKEY obtained RSA key into
> pluto
> 5) pluto loads the policy, meaning it will %trap packets to the IP
> 6) unbound releases the A/AAAA to firefox
Thanks,
Niccolò
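
Step 4 in the quoted procedure depends on pulling the gateway and RSA key out of the IPSECKEY record. The following is an added example, not code from this thread or from Openswan or unbound: it decodes IPSECKEY RDATA (RFC 4025) with an RFC 3110 RSA key. The function names and sample bytes are constructed for illustration, and the RDATA is assumed to come from a DNSSEC-validated answer.

```python
import ipaddress

def parse_gateway(gw_type, data):
    """Split the RFC 4025 gateway field off the front of data."""
    if gw_type == 0:                       # no gateway present
        return None, data
    if gw_type in (1, 2):                  # IPv4 / IPv6 address
        size = 4 if gw_type == 1 else 16
        if len(data) < size:
            raise ValueError("truncated gateway address")
        return str(ipaddress.ip_address(data[:size])), data[size:]
    if gw_type == 3:                       # uncompressed wire-format domain name
        labels, pos = [], 0
        while True:
            if pos >= len(data):
                raise ValueError("truncated gateway name")
            n = data[pos]
            pos += 1
            if n == 0:
                return ".".join(labels) + ".", data[pos:]
            if n > 63 or pos + n > len(data):
                raise ValueError("bad label in gateway name")
            labels.append(data[pos:pos + n].decode("ascii"))
            pos += n
    raise ValueError("unknown gateway type %d" % gw_type)

def parse_rsa_key(key):
    """Decode an RFC 3110 RSA key: exponent length, exponent, modulus."""
    if len(key) < 3:
        raise ValueError("truncated RSA key")
    elen, off = key[0], 1
    if elen == 0:                          # long form: 2-byte length follows
        elen, off = int.from_bytes(key[1:3], "big"), 3
    if elen == 0 or off + elen >= len(key):
        raise ValueError("RSA key has no exponent or no modulus")
    return (int.from_bytes(key[off:off + elen], "big"),
            int.from_bytes(key[off + elen:], "big"))

def parse_ipseckey(rdata):
    """Return precedence, gateway and RSA (exponent, modulus) from RDATA."""
    if len(rdata) < 3:
        raise ValueError("truncated IPSECKEY RDATA")
    precedence, gw_type, algorithm = rdata[0], rdata[1], rdata[2]
    gateway, key = parse_gateway(gw_type, rdata[3:])
    if algorithm != 2:                     # RFC 4025: 2 = RSA
        raise ValueError("not an RSA key (algorithm %d)" % algorithm)
    exponent, modulus = parse_rsa_key(key)
    return {"precedence": precedence, "gateway": gateway,
            "exponent": exponent, "modulus": modulus}

# Constructed sample: precedence 10, gateway 192.0.2.38, toy 64-bit modulus.
SAMPLE = (bytes([10, 1, 2, 192, 0, 2, 38]) + b"\x03\x01\x00\x01"
          + bytes.fromhex("d1a2b3c4d5e6f701"))
```

A truncated or non-RSA record raises `ValueError`, so the caller can decline to load any policy for that address instead of acting on a partial key.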