Firewall Wizards mailing list archives
Re: performance of TIS Gauntlet
From: Rick Murphy <rmurphy () itm-inst com>
Date: Mon, 26 Jan 1998 15:21:53 -0500
At 12:43 PM 1/26/98 -0500, James Croall wrote:
> I'm not too familiar with the kernel changes in the Gauntlet kernel, but as far as I can tell it uses swIPe to provide the VPN support. swIPe has been ported to NetBSD and FreeBSD, and could be ported to some of the other BSD unices out there. Of course, you can always drop in your favourite IPsec implementation and have even stronger encryption.
The VPN support is swIPe that works (there's a bug in the stuff floating around the net that will cause packet corruption when it's used over unreliable networks; the original SunOS version didn't have the problem.)
> The only other serious kernel modification that I know of is the code to provide transparent proxy support, and there are patches available to add this to the various 4.4BSD unices out there.
The significant kernel mod is to add a system call for transparency support. If this system call isn't available, the proxies won't function. The FWTK transparency patches that I've seen do things very differently. There is also a packet screening device driver that amongst other things blocks ICMP.
> Although if you're this die-hard about doing it yourself..
Well, I *did* do it myself.. when I worked for TIS ;-) -Rick