Securing Wireless Networks with IPSEC and FreeBSD
GoldenScrewdriver writes: "A colleague of mine has written an excellent article on how to secure your wireless network using an IPSEC VPN tunnel, NAT, and a FreeBSD firewall. With the inherent weaknesses of WEP, I thought this article might be interesting to those who prefer some privacy on their wireless link." If this might fit your situation, you might also find this earlier article interesting as well.
But wouldn't it be easier to use .NET and not open yourself up to security problems?
At work I've been running an IPsec VPN on FreeBSD for quite a while now. It's a great thing-- sort of tricky to set up but runs like a top once it's up. I never was able to figure out how to work NAT into the picture, though. On Linux, NAT and firewalling and FreeS/WAN are very well integrated, but on FreeBSD we use KAME, which has a very IPv6 sensibility. No need for NAT in IPv6, so it just doesn't seem to play nice.
This article explains the trick to it-- run NAT on the internal interface! Should have thought of that!
BTW, if anyone is curious KAME to FreeS/WAN VPNs work just fine. Ours was set up that way for quite some time.
Sheesh! This is getting out of hand.
GoldenScrewdriver writes
OK, I admit, I missed the last word there, "link", and concentrated on the previous phrase "wireless network", which also appears in the subject ("Securing Wireless Networks with IPSEC and FreeBSD"). But, true to Slashdot form lately, this is not about securing wireless networks, it's about securing a wireless link between your firewall and your ISP. Yeah, right -- that applies to what, five people? Vs. hundreds running actual wireless LANs on the other side of the firewall?
GIVE US A FUCKING BREAK. PLEASE make the subjects reflect what the story's really about, so we won't waste our time!
No, I didn't. That earlier article had nothing about encrypting wireless LANs, other than the helpful suggestion that you might want to consider it, and concludes with "Configuring IPsec is beyond the scope of this article." No shit.
If all this should have a reason, we would be the last to know.
Netcraft officially confirms: *BSD is dying
Yet another crippling bombshell hit the beleaguered *BSD community when recently IDC confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all, having lost 93% of its core developers.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and *BSD's long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
*BSD is dying. Poopity-poop-poop.
I am a Computer Information Systems Professional at a major Fortune 500 corporation. Very recently the head of our IT department decided that we were going to switch every one of our networks over to Windows XP Professional. We had previously been running OpenBSD on all our quad processor Xeons. Some of them had had uptimes approaching a year! My personal favourite, Gerbil, had been running without a reboot for three years.
One day one of those Microsoft shills that you often read about on the Register came by for a visit. I grew very suspicious about what was going on when my boss and the Microsoft representative walked by my desk, and entered the server room. I could hear muffled voices through the closed door. The Microsoft representative was asking what we were running on our servers! My worst fears had come true. I sat at my desk for the rest of the day, silently awaiting the bad news. The news did not come until the next day. It was worse than I had feared. We were to be a Microsoft only shop from that day on! I could not believe it. The Microsoft representative had told my boss that the operating and support costs would actually go down. And my boss had fully bought into it, hook, line, and sinker.
Tough times hit our company in the last month, and we were forced to lay off a few of the less experienced IS/IT workers. One of them took this rather hard. As a last minute attempt at corporate sabotage, he decided to change all of the Computer Administrator passwords on a few of the XP Professional boxes sitting around in the server room. This caused absolute havoc, as Dell had failed to send along administrator passwords for the new boxes. Our company could not make use of these computers for three days. It took Dell that long to get us the administrator passwords. It is strictly because of Microsoft's poor implementation of a multi-user computing environment that our company lost three days of productivity.
Needless to say, I had our quad Xeons back running OpenBSD by the end of the week. Gerbil is back on its way to another glorious 3 years of uptime.
I am a *BSD user
and I try hard to be brave
That is a tall order
*BSD's foot is in the grave.
I tap at my toy keyboard
and whistle a cheerful tune
but keeping happy is so hard,
*BSD will be dead soon.
Each day I wake and softly sob
Nightfall finds me crying
Not only am I a zit faced slob
but *BSD is dying.
The article goes about the tunnel process in a different manner, but it still does not say anything about interoperability with win2k. Could the authors (or someone else) comment on how to get an IPSec replacement for WEP that works with both FreeBSD and Win2k?
I'm aware of this article, but it uses transport mode and is inadequate as a WEP replacement.
Thanks in advance.
DESCRIPTION: freebsd, operating system
IDENTIFICATION: no system V init, kernel compile configuration only via file, no documentation
WARNING !
Freebsd is usually armed ! Uses original Bourne shell to annoy users, attacks with IP6 when threatened.
CHARGES: molesting linux and windows users, purposeful consumption of processing resources, illegal possession of processing resources, theft of harddisk space, trespassing into other OSs partitions
WANTED: DEDD
I hope you realize that OpenBSD has no SMP support and therefore you had 3 idle processors per machine for 3 years!! LOL. That's funny. 3 Processors doing absolutely nothing for 3 years... wow. Don't you feel like a Devry grad?
But wait, development continues strong with a release every 4 months. And FreeBSD 5.0 is due out in 6 months. Oh, you're right, linux has more users. And 95% of them can't program "hello world". What if I told you that all the linux gurus are migrating to BSD because linux has gained a rep as the newbies UNIX? Would that scare you? How about if I told you about FreeBSD's release engineering team or the tight organization of the project? Linux is a "throw your shit in the pile" OS whereas FreeBSD has clearly defined project goals. Developing a complex system requires organization and FreeBSD has that. And since FreeBSD is Open Source, I don't see how it can die... You're just jealous because KDE isn't installed by default and you can't do anything without it. FreeBSD is growing and growing fast my friend!
YHBT. YHL. HAND, Goat Fucker.
But wait, development continues strong with a release every 4 months. And FreeBSD 5.0 is due out in 6 months. Oh, you're right, linux has more users. And 95% of them can't program "hello world". What if I told you that all the linux gurus are migrating to BSD because linux has gained a rep as the newbies UNIX? Would that scare you? How about if I told you about FreeBSD's release engineering team or the tight organization of the project? Linux is a "throw your shit in the pile" OS whereas FreeBSD has clearly defined project goals. Developing a complex system requires organization and FreeBSD has that. And since FreeBSD is Open Source, I don't see how it can die... You're just jealous because KDE isn't installed by default and you can't do anything without it. FreeBSD is growing and growing fast my friend.
What? I understand "goat fucker", but that's about it.
I can understand your frustration after using 1/4 of your computational power, but don't blame me. Just install an OS that supports SMP on an MP machine. FreeBSD isn't as secure, but at least it'll use all your CPUs.
So why now? Why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?
The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.
It's geek speak. :rolleyes: Those stupid fucks come onto our internet and can't even talk the fucking language. :mad
Quote JORDAN:
Well, that is certainly poetic. Sounds like the tanks already rushed in and crushed the skulls of BSD. Yeah, we hear whiners claim Darwin is BSD, bull. Darwin on both PPC and even more so on x86 is *completely* un-usable, and you people damn right well know it. Mark me as a troll, you can, deny the truth you will (to use a Yoda-ism, death to G. Lucas) You know it. If you don't buy a MAC, an overpriced hack at a PC (whatever happened to acceptance of the superior Fire Wire [I love Fire Wire, but its only now starting to appear on motherboards after USB 1 and even 2.0 have been on for a while], almost ZILCH compared to USB, also, try and find a NuBUS card, let alone a slot - interesting how PCI killed off ALL the Apple busses), then you are screwed when it comes to Apple UNIX. I wish Apple would stop being a WIMP and port to x86, but it seems apparent they do not have the intelligence present to PORT an OS to x86 (geeze, of all the oddest, off the wall undocumented architectures ever [facetious]. Yeah, right. Must be tuff.). Who would have thought? Well, I would have.
Remember folks, UNIX vendors killed Unix. I piss on Microsoft, but they can sell SHIT far better than UNIX vendors can sell GOLD. IBM is dumping AIX in favor of Linux, what a surprise (They are writing JFS, POSIX THREADS 2.0, and lots of NUMA for Linux, not BSD, all you BSD loons take a note of that). Solaris has only one thing Linux doesn't have, good scalable SMP. Other than that Solaris is a flaming dogpile, I know, I have seen it in action. HP-UX is trash, lovingly known as HOCKEY PUX (and also verifiably impossible to port to and compile stuff on), they also killed the only REAL competitor to Microshit Exchange, OpenMAIL. Now OpenMAIL is a dead end Samsung product and it sucks. Mark me as a troll, you are vastly uninformed if you do, but I have actually administered OpenMAIL and have tried it relabeled from Samsung. Worth noting, I never saw OpenMAIL working on anything else besides Linux. Thanks Carly, you for killing over the only good Unix based mail MTA. Let's rip into SGI. Ha ha ha ha. The only remnant holdover of that vendor is re-appearing in Linux as XFS. The rest of that garbage in IRIX is easily DEPRECATED in favor of a GNU OS. At least stupid Sun gets giving out a free OS. You can't even try BSD/OS. It's the only BSD of interest and Wind River is killing it. The rest of the BSDs are so far behind Linux in terms of scalability it's not even funny. I wish IPF was ported to Linux, I wish Linux was a better networker, it surely has room to grow, but there is nothing, nothing, nothing compelling ANYONE to develop anything for BSD. It's dead. It gets things back-ported from Linux. The only BSD worth anything is OPENBSD. Theo is God, the rest of that whole project is shit. It's a moot, embedded only OS barely useable as a workstation OS.
So all you flaming hippie scum get behind Linux, because Apple is going to screw BSD in the rump, this is the first step, cut the chicken's head off [pry Jordan from FreeBSD]. Apple is dead ending their fork of *BSD, we know it. It won't be ported. Its sole purpose is to be eye candy for Mac zealots (boy, using an industrial grade Unix OS and Kernel for displaying EYE CANDY - that's "THINKING SMART"????). Believe you me, if Intel died tomorrow, Microsoft would move *fast* to support the next best platform. Look at the boot Intel got in the balls when Microsoft recently licked Hammer's (Opteron's) nuts instead of Itanic Itanium.
You better hope IBM buys out the now Defunct Sun, fixes up Java so it doesn't totally SUCK, throws out all the garbage that is named Solaris and SPARC, and makes a serious attempt at dominating the market. Otherwise, it won't be BSD dying as a troll, it will be UNIX having serious R&D funding problems. The party will end if big corporations abandon Unix, and oh, yes, it *can* happen. I sure hope it doesn't.
Sure mod me as a troll. Do it. But facts are facts. Apple BSD is a niche. *BSD is losing market share. OpenBSD is awesome, but very, very niche. Linux is being underwritten by IBM, Sun (through Cobalt, which is *pathetic). HP/Compaq are also earnestly supporting Linux, not BSD. The writing is on the wall, folks. Sniff some glue.
It is now official: *BSD is dying
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test. Coupled with the sudden departure of FreeBSD's main designer, all that remains is the eulogy.
You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all, having lost 93% of its core developers. Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
Sure this is half troll, half truth, but be open minded and see some writing on the wall.