LinuxQuestions.org

epoh 06-14-2011 09:47 AM

Win2k8 to RHEL5.6 secure communications help!
 
We are in the process of setting up a new order management system at my work. Everything is secure, except for one bit. Traffic from a Windows 2008 server to a RHEL 5.6 64-bit box is unencrypted and will be transmitting CC data (big no-no.) We have to determine a way to encrypt this traffic without causing any additional cost to the project (as always!)

I assumed I could just set up an IPsec connection between the two, but I am not so much of a Windows admin and my testing is not going well. I've got the connection set up on the Linux side, but I can't get it set up properly on the Windows side.

I'm wondering now if IPsec is the best route? Does anyone have a better suggestion? Or can point me to some good documentation on getting a Win2k8 server to talk to a RHEL box via IPsec?

Thanks for any help!

acid_kewpie 06-14-2011 10:05 AM

stunnel is a great tool for things like this.

epoh 06-14-2011 10:21 AM

I'm familiar with wrapping specific processes with stunnel, but not all the traffic between two boxes. I'll do some research on that. I'm definitely more comfortable with stunnel!

acid_kewpie 06-14-2011 10:23 AM

Well surely there are only a few streams of traffic that are relevant, no? What kind of environment is this dubious link? Internet?

epoh 06-14-2011 11:37 AM

Private VLANs, no internet access (from these systems.) The traffic is from MSMQ into an integrator server which translates the queue data into JMS data so that it can then go through JBoss. The whole thing's quite convoluted. The problem, though, is that while MSMQ supports certificate authentication to secure the traffic, the integration server does not (thanks IBM!)

I was looking at doing the PPPD stunnel config, but I might see if it's possible to just wrap the MSMQ traffic instead.

epoh 06-14-2011 11:49 AM

I was able to isolate the port that the integration server was connecting to MSMQ and stunnel is wrapping it up nice and securely.

Thanks a bunch Chris! Simple is always so much better. :)

acid_kewpie 06-14-2011 02:39 PM

Phew, I thought I was onto a loser there!

epoh 06-14-2011 04:56 PM

ARG! I said 'solved' too soon. stunnel does in fact work for the initial connection to the MSMQ, but it breaks the RMI call. *sigh*


All times are GMT -5.