Anders,

Our situations differ a bit; however, I've found Debian's racoon package to be quite useful. I just use it to encrypt all traffic between two hosts that use NFS and XDMCP on my LAN. Who says NFS can't be secure in transit? I also only use PSKs and haven't bothered with certs.

When you install it, debconf will ask if you want to use racoon-tool. I've only used racoon with the racoon-tool configuration file, which I understand simplifies things. After installing, there are really only three steps:

1. Add your host/PSK entry to /etc/racoon/psk.txt
2. Add a connection to /etc/racoon/racoon-tool.conf
3. Restart /etc/init.d/racoon

It's not perfect. The most annoying issue in my little setup is that NFS doesn't mount immediately on boot. It seems it takes some time (seconds) for the connection to become available and the first few packets go nowhere. I think this is pointed out in the IPSec HOWTO.

-Jeff

On Mon, 2005-08-08 at 21:14 +0200, Anders Breindahl wrote:
> Hello list,
>
> I am going to be fiddling with some ipsec'ing for securing my WLAN and
> enabling tunnelling to my home network through the Internet.
> I had great success last time I asked d-u for such quick advice, so I'll try
> again:
>
> Can you please provide your preferred points of entry to the field of
> tunnelling and automatic keying?
> Is IPsec and Racoon what I want? Which alternatives exist?
> Are there any common sources of error in this field, that I should be aware
> of?
> Anything else worth mentioning?
>
> I should mention, that I have tried the IPsec HOWTO by Ralf Spenneberg, but
> it didn't answer all my questions. Great short introduction, though.
>
> Regards,
> Anders Breindahl/skrewz.
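
For step 1 of the reply above (the host/PSK entry in /etc/racoon/psk.txt), a check that can be run before restarting racoon. This is an added example, not part of the original message: the function name audit_psk and the MIN_KEY_LEN threshold are assumptions, and it only relies on the file being a list of "identifier key" lines holding keys in clear text.

```shell
#!/bin/sh
# Added example: audit a racoon pre-shared-key file before restarting racoon.
# MIN_KEY_LEN is an assumed local policy value, not a racoon requirement.
MIN_KEY_LEN=20

# audit_psk FILE: print one finding per line, return 0 only if none.
audit_psk() {
    file=$1
    issues=0
    seen=" "

    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # The file holds keys in clear text, so both must be empty (600 or 400).
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other permission bits set ($perms)"
        issues=$((issues + 1))
    fi

    lineno=0
    # Each entry is "<peer identifier> <key>"; the key itself is never printed.
    while read -r id key || [ -n "$id" ]; do
        lineno=$((lineno + 1))
        case $id in
            ''|'#'*) continue ;;    # blank line or comment
        esac
        if [ -z "$key" ]; then
            echo "$file:$lineno: $id has no key"
            issues=$((issues + 1))
        elif [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
            echo "$file:$lineno: key for $id is shorter than $MIN_KEY_LEN characters"
            issues=$((issues + 1))
        fi
        case $seen in
            *" $id "*) echo "$file:$lineno: duplicate entry for $id"
                       issues=$((issues + 1)) ;;
        esac
        seen="$seen$id "
    done < "$file"

    [ "$issues" -eq 0 ]
}

# Run against a file given on the command line, e.g. /etc/racoon/psk.txt.
if [ "$#" -gt 0 ]; then audit_psk "$1"; fi
```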