Netdev List
 help / color / mirror / Atom feed
* Double Encryption
@ 2005-09-16 13:36 Alaa Dalghan
  0 siblings, 0 replies; only message in thread
From: Alaa Dalghan @ 2005-09-16 13:36 UTC (permalink / raw)
  To: users, linux-crypto, linux-kernel, linux-net,
	linux-security-module, netdev

Hi everyone,

I have an OpenSWAN (2.3.1) box accepting ipsec tunnels from wireless 
(802.11) clients equipped with Linux and Windows XP.
Wireless clients are using the openswan gateway to exchange data securely 
between each other, so there are no direct tunnels between client 
themselves.
The gateway is doing the routing job fine but there is a security gap when 
it has to decrypt data sent by a given client and then reencrypt it before 
sending it to the ultimate destination. It may be better not to expose the 
data in the clear at the gateway.

I know this can be solved by using double encryption (tunnel inside a  
tunnel), but, I wonder if  there is a better alternative?
I was thinking of using L2TP/IPSec tunnels instead of pure IPSec tunnels, 
and then, maybe I can use L2TP encryption to encrypt end-to-end and IPSec 
encryption to encrypt end-to-gateway. Would this work?

I appreciate any help and advices.

Alaadin

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2005-09-16 13:36 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-16 13:36 Double Encryption Alaa Dalghan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox