Pathwalker (pathwalker) wrote,

IPSEC

So, I've been thinking - about IPSEC in particular.

From what I've read, it appears that if you are using an IKE daemon such as racoon, you can run it in an ad-hoc mode where it creates and tears down encrypted connections as needed.

So, I have this idea - why not set up IPSEC in ad-hoc mode on ports 25 and 209?

It seems like it shouldn't interfere with normal use, and if someone else does it, all email sent between the two boxes should be transparently encrypted.

The thing that is stopping me from trying it is that, after some web searches, I can't find anyone who is doing it. It seems like such an obvious use that I feel I must be missing some huge problem with it.

As far as I can tell, I would just have to set up racoon to allow anonymous key exchange, and then run these commands:

# Port 25: one direction per spdadd entry, and the "in" selector is written from the remote side
spdadd house.ofdoom.com[25] 0.0.0.0/0[any] any -P out ipsec esp/transport//use;
spdadd house.ofdoom.com[any] 0.0.0.0/0[25] any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[any] house.ofdoom.com[25] any -P in ipsec esp/transport//use;
spdadd 0.0.0.0/0[25] house.ofdoom.com[any] any -P in ipsec esp/transport//use;
# Port 209, same shape
spdadd house.ofdoom.com[209] 0.0.0.0/0[any] any -P out ipsec esp/transport//use;
spdadd house.ofdoom.com[any] 0.0.0.0/0[209] any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[any] house.ofdoom.com[209] any -P in ipsec esp/transport//use;
spdadd 0.0.0.0/0[209] house.ofdoom.com[any] any -P in ipsec esp/transport//use;

But I could be totally wrong. I guess next weekend I'll have to set up some machines at home, and try it out.
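The racoon side of the "anonymous key exchange" mentioned above, as an added example that is not part of the original post: a racoon.conf with a `remote anonymous` phase 1 section and a `sainfo anonymous` phase 2 section, so that any peer can negotiate the ESP transport SAs the spdadd policies ask for. It assumes the ipsec-tools racoon (the directive names and the modp2048/hmac_sha256 choices are from that version), the directory /etc/racoon, and the certificate and key file names house.ofdoom.com.crt and house.ofdoom.com.key; all of those are assumptions, not anything the post states.

```conf
# /etc/racoon/racoon.conf -- example added here, not from the original post.
# Paths, file names and algorithm choices are assumptions.

path certificate "/etc/racoon/certs";

# Phase 1: accept IKE from any peer.  verify_cert off is what makes this
# anonymous: the peer's certificate is not checked against any CA, so any
# self-signed certificate is accepted and nothing about the peer is proven.
remote anonymous {
        exchange_mode main;
        my_identifier asn1dn;
        certificate_type x509 "house.ofdoom.com.crt" "house.ofdoom.com.key";
        verify_cert off;
        send_cert on;
        send_cr on;
        lifetime time 24 hour;
        proposal_check obey;
        proposal {
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group modp2048;
        }
}

# Phase 2: the ESP transport-mode SAs that the "esp/transport//use"
# policies request.  pfs_group forces a fresh DH exchange per SA.
sainfo anonymous {
        pfs_group modp2048;
        lifetime time 12 hour;
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha256;
        compression_algorithm deflate;
}
```

Two properties of this setup are worth being explicit about. Because the `use` level tells the kernel to use an SA when one exists and otherwise carry on in cleartext (setkey(8)), mail to a peer that does not run IKE, or whose IKE exchange fails, simply goes unencrypted; nothing in the policy reports that. And because `verify_cert off` accepts any certificate, the exchange authenticates no one: it protects against passive sniffing of the SMTP/QMTP session, but an active attacker on the path can negotiate as the peer or just drop the IKE packets to keep the traffic in the clear. Whether racoon is started at all for a `use` policy depends on the kernel sending an ACQUIRE for it, which is worth confirming with `setkey -D` (SAs present) and a packet capture showing ESP rather than TCP/25 once the first mail has gone through.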