VPN's (fwd)

Angelos D. Keromytis angelos at DSL.CIS.UPENN.EDU
Thu Feb 24 10:54:21 EST 2000


>From: Carson Gaspar <carson at TLA.ORG>
>To: VPN at SECURITYFOCUS.COM
>Subject: Re: VPN's (fwd)
>
>The _correct_ way to handle authorization is to have it integrated with the
>VPN, so that all the information necessary for making the authorization
>decision is available. Unfortunately, I know of no free VPN implementation
>that does this. Here's one of my VPN policy torture tests for folks who try
>to sell me VPNs:
[snip examples]

Someone else forwarded me this message, and I felt obliged to respond :-)

The OpenBSD IPsec in -current (that is, after the 2.6 release in December)
has ingress filtering at the SA level. This means you can specify exactly
the examples you mentioned, except that we don't support securid authentication
in isakmpd (there's no standard way for it).

Then again, I'm not trying to sell you a VPN :-)
Enjoy,
-Angelos
