Coda File System

Re: File transfers in the clear?

From: Greg Troxel <gdt_at_fnord.ir.bbn.com>
Date: 28 Feb 2001 19:45:55 -0500

I'm running Coda over IPsec ESP, using 3DES and HMAC-SHA1.  The new
masquerade option to venus makes SPD setup easier, as one only needs
to protect things with UDP 370 or UDP 2432 as the destination.


For a client with setkey from FreeBSD 4.2+KAME:

# Coda masquerading
spdadd 0.0.0.0/0[any] 0.0.0.0/0[370] udp
        -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[370] 0.0.0.0/0[any] udp
        -P in ipsec esp/transport//require ;
spdadd 0.0.0.0/0[any] 0.0.0.0/0[2432] udp
        -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[2432] 0.0.0.0/0[any] udp
        -P in ipsec esp/transport//require ;

The server is similar:

# clog from/to client
spdadd 0.0.0.0/0[any] CODA-SERVERS-ADDR/32[370] udp
        -P in ipsec esp/transport//require ;
spdadd CODA-SERVERS-ADDR/32[370] 0.0.0.0/0[any] udp
        -P out ipsec esp/transport//require ;

## CODA masquerading
spdadd 0.0.0.0/0[any] CODA-SERVERS-ADDR/32[2430] udp
        -P in ipsec esp/transport//require ;
spdadd CODA-SERVERS-ADDR/32[2430] 0.0.0.0/0[any] udp
        -P out ipsec esp/transport//require ;



        Greg Troxel <gdt_at_ir.bbn.com>
Received on 2001-02-28 19:46:02
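
A consistency check for the two policy sets above, as an added example that is not part of the original post: it parses setkey `spdadd` statements, confirms each policy has its reverse-direction twin, and lists destination ports the client protects with ESP that the server has no inbound policy for. The function names are hypothetical, the policies are reflowed onto single lines, and 192.0.2.10 is a constructed stand-in for CODA-SERVERS-ADDR.

```python
import re

# setkey syntax: spdadd SRC[PORT] DST[PORT] PROTO -P DIR ACTION RULE ;
SPD_RE = re.compile(r"spdadd\s+(\S+?)\[(\w+)\]\s+(\S+?)\[(\w+)\]\s+(\w+)"
                    r"\s+-P\s+(in|out)\s+(\w+)\s+(\S+)")
KEYS = ("src", "sport", "dst", "dport", "proto", "dir", "action", "rule")

def parse_spd(text):
    """Parse spdadd statements (possibly spanning lines) into dicts."""
    body = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("#"))
    return [dict(zip(KEYS, m.groups())) for m in SPD_RE.finditer(body)]

def unmirrored(policies):
    """Policies with no reverse-direction twin (src and dst swapped)."""
    flip = {"in": "out", "out": "in"}
    seen = {(p["src"], p["sport"], p["dst"], p["dport"], p["dir"])
            for p in policies}
    return [p for p in policies
            if (p["dst"], p["dport"], p["src"], p["sport"], flip[p["dir"]])
            not in seen]

def unmatched_client_ports(client_text, server_text):
    """(proto, port) pairs the client sends under ESP that the server
    has no inbound ipsec policy for."""
    want = {(p["proto"], p["dport"]) for p in parse_spd(client_text)
            if p["dir"] == "out" and p["action"] == "ipsec"}
    have = {(p["proto"], p["dport"]) for p in parse_spd(server_text)
            if p["dir"] == "in" and p["action"] == "ipsec"}
    return sorted(want - have)

# Policies from the post; 192.0.2.10 is a constructed server address.
CLIENT_SPD = """
spdadd 0.0.0.0/0[any] 0.0.0.0/0[370] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[370] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;
spdadd 0.0.0.0/0[any] 0.0.0.0/0[2432] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[2432] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;
"""
SERVER_SPD = """
spdadd 0.0.0.0/0[any] 192.0.2.10/32[370] udp -P in ipsec esp/transport//require ;
spdadd 192.0.2.10/32[370] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[any] 192.0.2.10/32[2430] udp -P in ipsec esp/transport//require ;
spdadd 192.0.2.10/32[2430] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;
"""

if __name__ == "__main__":
    for name, text in (("client", CLIENT_SPD), ("server", SERVER_SPD)):
        print(name, "unmirrored:", unmirrored(parse_spd(text)))
    print("unmatched:", unmatched_client_ports(CLIENT_SPD, SERVER_SPD))
```

Run against the text as posted, both sides are internally mirrored and the only unmatched entry is udp 2432: the client block protects destination port 2432 while the server block lists 2430.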