[TriLUG] help! IPsec VPN over SSH?
Mike Johnson
mike at enoch.org
Fri Feb 25 10:27:37 EST 2005
gregbrown at mindspring.com wrote:
> But, the client DOES allow SSH outbound; I can access my home server
> from this location. So.. the question becomes: is it possible to
> tunnel IPSec over SSH? Kind of like an IPSec-Squid proxy thing? Has
> anyone ever done this? Is it even possible? Has anyone ever
> accomplished this and, if so, how?
Um, you are aware that IPSec uses protocols 50 and/or 51, right? Not IP
(number 0). I'd be very surprised if there was a proxy that supported
this kind of thing.
However, there is always more than one way to do it. Check out
Etherpuppet: http://www.cartel-securite.fr/pbiondi/projects/etherpuppet
It will let you essentially create a tunnel between two hosts at an
interface level. Create an Etherpuppet tunnel through SSH from inside
the network to somewhere outside that allows IPSEC, then IPSEC from that
site to wherever your ultimate IPSEC destination is.
Pain in the ass, but it would work. What you are trying to do is (to my
knowledge) not easy.
Mike