Double Encryption


 



Hi everyone,

I have an OpenSWAN (2.3.1) box accepting IPsec tunnels from wireless (802.11) clients equipped with Linux and Windows XP. Wireless clients are using the OpenSWAN gateway to exchange data securely between each other, so there are no direct tunnels between the clients themselves. The gateway is doing the routing job fine, but there is a security gap when it has to decrypt data sent by a given client and then re-encrypt it before sending it to the ultimate destination. It may be better not to expose the data in the clear at the gateway.

I know this can be solved by using double encryption (a tunnel inside a tunnel), but I wonder if there is a better alternative? I was thinking of using L2TP/IPsec tunnels instead of pure IPsec tunnels, and then maybe I can use L2TP encryption to encrypt end-to-end and IPsec encryption to encrypt end-to-gateway. Would this work?

I appreciate any help and advice.

Alaadin


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
