IPSec in Linux/Unix distrabutions have made great strides in there IPSec implementations. It is now relativly easy to create an IPSec tunnel between two boxes of the same type. For example, [http://www.securityfocus.com/infocus/1859?ref=rss]. But, interoperbility between platforms still requires the user to whild dark the dark magic of IPSec. OpenBSD has a very nice IPSec implementation.Read more for sample config files for a OpenBSD to Linux tunnel
(more…)
I rebuilt my firewall last night with OpenBSD 3.9 and pf. I was using CentOS 4.3 with  iptables. pf [http://www.openbsd.org/faq/pf] is awsome, it total blows iptables away. The real reason for the rebuild was I wanted better IPv6 support and IPSEC support. I have been having a hard time finding a good IPv6 tunnel broker to connect to, and I see that http://www.6bone.net/ is shutting down. This is a good in way, it hopefullymeans that there will be more production IPv6 address being deployed. I hope ISP here in Canada start offering IPv6 addresses soon. (more…)