IP Security Policy Management snap-in
Hello everybody!
I'm using OpenBSD 4.5 as a gateway at work. There are 2 locations:
Site A and Site B.
Site A has a server with Microsoft Windows Server 2003, and software to back up over ftp; there's only a Netgear modem router; public address: 22.214.171.124
Site B has our ftp server behind our gateway (OpenBSD)
public address: 126.96.36.199
When we try to connect ftp on Site A, it works fine. But it is not safe, efficient. So I wish to add an ipsec layer.
Is it possible to use "IP Security Policy snap-in" on Windows Server 2003 to secure the ftp data transmission (modify pf.conf)? Or is there another way? How can I start and proceed?
Thanks for your advice!
There may be secure alternatives to ftp which are easier to implement, test, inspect, and manage than IPSec: sftp, for example. ftp is a poor choice for file transfer, because userids and passwords are sent in the clear, as is the content.
For sftp, a commercial SSH client for Windows can be acquired, or PuTTY's PSFTP may be used, or OpenSSH can be used under Cygwin.
AFAIK, the "snap in" does not work. There are some freeware alternatives, which implement IPSec policies without the snap-in:
Microsoft: downloadable ipseccmd.exe program -- I've never tried it, but I've read that it is possible to get IPSec working with it.
Draytek Smart VPN Client: I use this with several WXP desktops. It does not recover automatically after a timeout, so would not be appropriate for server use.
Shrew Soft's VPN Client for Windows: several other Daemonforums users like it, though, like MS's software, I've not used it.
Setting up IPSec on OpenBSD is fairly easy; it is even easier when both ends of your tunnel are OpenBSD. Google for "zero to ipsec in 4 minutes" for one simple example of the latter.
First, thank you for your reply.
I must use our ftp server (RAID 5); it is a Linksys NAS, so I can't use sftp.
And I can't put another OpenBSD gateway on Site A.
It only remains for me to try ipseccmd. If someone can advise me of other ways to secure our ftp... thanks.