From: "Alaa Dalghan" <alaadalghan@hotmail.com>
To: users@openswan.org, linux-crypto@nl.linux.org,
linux-kernel@vger.kernel.org, linux-net@vger.kernel.org,
linux-security-module@mail.wirex.com, netdev@vger.kernel.org
Subject: Double Encryption
Date: Fri, 16 Sep 2005 13:36:04 +0000 [thread overview]
Message-ID: <BAY106-F27CF4B237502C97B89C9B3AB910@phx.gbl> (raw)
Hi everyone,
I have an OpenSWAN (2.3.1) box accepting ipsec tunnels from wireless
(802.11) clients equipped with Linux and Windows XP.
Wireless clients are using the openswan gateway to exchange data securely
between each other, so there are no direct tunnels between client
themselves.
The gateway is doing the routing job fine but there is a security gap when
it has to decrypt data sent by a given client and then reencrypt it before
sending it to the ultimate destination. It may be better not to expose the
data in the clear at the gateway.
I know this can be solved by using double encryption (tunnel inside a
tunnel), but, I wonder if there is a better alternative?
I was thinking of using L2TP/IPSec tunnels instead of pure IPSec tunnels,
and then, maybe I can use L2TP encryption to encrypt end-to-end and IPSec
encryption to encrypt end-to-gateway. Would this work?
I appreciate any help and advices.
Alaadin
_________________________________________________________________
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
reply other threads:[~2005-09-16 13:36 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BAY106-F27CF4B237502C97B89C9B3AB910@phx.gbl \
--to=alaadalghan@hotmail.com \
--cc=linux-crypto@nl.linux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=linux-security-module@mail.wirex.com \
--cc=netdev@vger.kernel.org \
--cc=users@openswan.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox