On 06/13/14 13:21, Brian Wood wrote:
> I've been thinking about IPsec recently after not
> making much progress with it previously.  I'm
> wondering how it would work with my current
> configuration.  Currently I run both nginx and
> my code generation service on the same machine.
> I also use ssh to log in remotely.  If you have IPsec
> running on a server, do you still use ssh to log in to
> that machine?

I typically don't use ssh over ipsec.  ssh has pretty good security features already.  I mostly use it to secure ldap and database connections.

It's also good for tunneling through services on an internal network from a dmz.  The firewall just needs to allow ipsec through, and then the host firewall on the internal server can handle the port, and ipsec authenticates the two servers.  So you can't just bring up a new device and get the same access because the device isn't authenticated to the internal server.

> I found this info
>
> http://link.springer.com/chapter/10.1007/11542322_29
>
> It looks like the authors found some problems with IPsec.

I haven't read that yet, but the first page preview thing seems like it's confusing SSH with SSL.  May be a typo.  The way it's referring to SSH doesn't sound right, where SSL would make more sense in its place.
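
The DMZ-to-internal arrangement described in the reply above, sketched as an added example that is not part of the original message. It assumes Linux hosts using iptables (rulesets in iptables-restore format), ESP in transport mode without NAT, LDAP on TCP 389, and constructed addresses (192.0.2.10 for the DMZ host, 10.0.0.20 for the internal server); the IKE daemon configuration that authenticates the two servers is not shown.

```conf
# --- Perimeter firewall between the DMZ and the internal network ---
# It only forwards IPsec between the two hosts; it never sees or
# permits the LDAP port itself.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# IKE key exchange (UDP 500), both directions
-A FORWARD -s 192.0.2.10 -d 10.0.0.20 -p udp --dport 500 -j ACCEPT
-A FORWARD -s 10.0.0.20 -d 192.0.2.10 -p udp --dport 500 -j ACCEPT
# ESP payload traffic, both directions
-A FORWARD -s 192.0.2.10 -d 10.0.0.20 -p esp -j ACCEPT
-A FORWARD -s 10.0.0.20 -d 192.0.2.10 -p esp -j ACCEPT
COMMIT

# --- Host firewall on the internal server (10.0.0.20) ---
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accept IKE and ESP from the DMZ peer so the SA can be negotiated
-A INPUT -s 192.0.2.10 -p udp --dport 500 -j ACCEPT
-A INPUT -s 192.0.2.10 -p esp -j ACCEPT
# LDAP is accepted only if the packet arrived inside ESP and was
# decrypted by the kernel. A plaintext packet to port 389 does not
# match the policy and falls through to the DROP policy, even when
# it carries the DMZ host's source address.
-A INPUT -s 192.0.2.10 -p tcp --dport 389 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
COMMIT
```

A device that has not completed IKE with the internal server has no security association, so its traffic to port 389 never satisfies the `policy` match.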