Linux/Mac IPsec into Contivity?

Michael H. Warfield mhw at wittsend.com
Thu Nov 18 13:23:24 EST 1999


On Thu, Nov 18, 1999 at 07:55:05AM -0800, Chris Carlson wrote:
> Ken,

> Yes, the Linux Free S/WAN is IPSec.  It definitely
> supports 56-bit DES, not sure about 168-bit 3-DES.

	No...  It doesn't support 56 bit DES any more.  They removed that
support after DES was broken repeatedly and proven too insecure.  They
refuse to even make it easy to put it back in (although, technically you
can do the same job with 3des where the keys are identical - the 3des/des
compatibility mode in the cypher).  They definitely support 3des with
112 bit keys.  Don't know if they have full 3des where all three keys
are independent (168 bit keys).  The 112 bit variant, you encrypt with
the first key, decrypt with the second key, and then encrypt again with
the first key (EDE mode).  That's algorithmically equivalent to des if
both 56 bit keys are the same.  That's normally what's referred to when
someone simply mentions 3DES (the 112 bit variant, that is).

	Reference:  Applied Cryptography, 2nd ed, Bruce Schneier, pp 359

> Chris
> --
> 
> --- "Chen, Ken C" <ken.c.chen at lmco.com> wrote:
> > Does the Linux client create an IPsec tunnel?
> > 
> > 
> > -----Original Message-----
> > From: Chris Carlson [mailto:carlsonmail at yahoo.com]
> > Sent: Tuesday, November 09, 1999 4:37 PM
> > To: David Mostardi; vpn at listserv.secnetgroup.com
> > Subject: Re: Linux/Mac IPsec into Contivity?
> > 
> > 
> > David,
> > 
> > You have a couple of (limited) options:
> > 
> > 1) Use a PPTP or L2TP client for Macintosh.  Network
> > Telesystems (www.nts.com) makes such a client.
> > 
> > 2) Linux can use Free S/WAN to tunnel to the
> > Contivity, but it creates a branch office tunnel,
> > and not an end-user tunnel.  I think you must turn off
> > Perfect Forward Secrecy on Contivity v2.50 for this
> > to work.
> > 
> > 
> > Hope this helps!
> > Chris
> > --
> > 
> > --- David Mostardi <davidm at mdli.com> wrote:
> > > I've got a BayNetworks/Nortel Contivity 1500 box.
> > > The IPsec client that comes with it only supports
> > > Win95/Win98/WinNT.  I've got users who want to get
> > > in through Linux or Macintosh.  Has anyone successfully
> > > gotten into Contivity over these platforms?
> > > 
> > > TIA,
> > >
> > > ------------------------------------------------------------------------
> > > David Mostardi                              Web: http://www.mdli.com
> > > Unix Systems Manager                        Email: davidm at mdli.com
> > > MDL Information Systems, Inc.               Voice: (510) 357-2222 x1420
> > > 14600 Catalina St., San Leandro CA 94577    Fax: (510) 352-2870
> > > 
> > >       -- "When in danger or in doubt, run in circles, scream and shout"
> > > 
> > 
> > =====
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Bid and sell for free at http://auctions.yahoo.com
> > 
> >
> ****************************************************************
> > TO POST A MESSAGE on this list, send it to
> > vpn at listserv.secnetgroup.com
> > 
> > The VPN FAQ (under construction) is available at
> > http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
> > 
> > We are currently experiencing "unsubscribe"
> > difficulties.  If you
> > wish to unsubscribe, please send a message
> > containing the single line
> > "unsubscribe vpn your-e-mail-address" to
> > owner-vpn at listserv.secnetgroup.com
> > 
> >
> ****************************************************************
> > 
> 

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
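
Added example, not part of the original post and not FreeS/WAN code: a key-bundle check for the EDE keying options described above, flagging bundles that collapse to a single DES pass. The function names, sample keys and the toy Feistel cipher (a stand-in for DES, not DES itself) are assumptions made for illustration.

```python
import hashlib

def effective(key: bytes) -> bytes:
    """Drop the low (parity) bit of each byte: DES uses only 56 of 64 key bits."""
    return bytes(b & 0xFE for b in key)

def split(bundle: bytes):
    """Split a 16-byte (K1,K2) or 24-byte (K1,K2,K3) bundle; 2-key reuses K1 as K3."""
    if len(bundle) not in (16, 24):
        raise ValueError("3DES key bundle must be 16 or 24 bytes")
    return bundle[:8], bundle[8:16], bundle[16:24] or bundle[:8]

def classify_3des_key(bundle: bytes) -> str:
    k1, k2, k3 = (effective(k) for k in split(bundle))
    if k1 == k2 or k2 == k3:
        return "single-des"     # an adjacent E/D pair cancels, one pass is left
    if k1 == k3:
        return "two-key-112"    # encrypt K1, decrypt K2, encrypt K1 again
    return "three-key-168"      # all three keys independent

# Toy 64-bit Feistel cipher standing in for DES (NOT DES; illustration only).
def _f(half: int, key: bytes, i: int) -> int:
    data = effective(key) + bytes([i]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def toy_encrypt(key: bytes, block: int) -> int:
    l, r = block >> 32, block & 0xFFFFFFFF
    for i in range(4):
        l, r = r, l ^ _f(r, key, i)
    return (l << 32) | r

def toy_decrypt(key: bytes, block: int) -> int:
    l, r = block >> 32, block & 0xFFFFFFFF
    for i in reversed(range(4)):
        l, r = r ^ _f(l, key, i), l
    return (l << 32) | r

def ede_encrypt(bundle: bytes, block: int) -> int:
    """Encrypt with K1, decrypt with K2, encrypt with K3 (EDE)."""
    k1, k2, k3 = split(bundle)
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

# Constructed sample keys and plaintext block.
K1, K2, K3 = (bytes.fromhex(h) for h in
              ("0123456789abcdef", "23456789abcdef01", "456789abcdef0123"))
BLOCK = 0x0011223344556677

if __name__ == "__main__":
    for name, b in [("K1|K1", K1 + K1), ("K1|K2", K1 + K2), ("K1|K2|K3", K1 + K2 + K3)]:
        print(name, classify_3des_key(b), hex(ede_encrypt(b, BLOCK)))
    print("single pass with K1:", hex(toy_encrypt(K1, BLOCK)))
```

Comparing keys after masking the parity bits matters because two 8-byte values that differ only in those bits are the same DES key.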
