LinuxQuestions.org
Old 06-14-2011, 09:47 AM   #1
epoh
Member
 
Registered: Jan 2008
Posts: 73

Rep: Reputation: 15
Win2k8 to RHEL5.6 secure communications help!


We are in the process of setting up a new order management system at my work. Everything is secure, except for one bit. Traffic from a Windows 2008 server to a RHEL 5.6 64-bit box is unencrypted and will be transmitting CC data (big no-no.) We have to determine a way to encrypt this traffic without causing any additional cost to the project (as always!)

I assumed I could just set up an IPsec connection between the two, but I am not so much of a Windows admin and my testing is not going well. I've got the connection set up on the Linux side, but I can't get it set up properly on the Windows side.

I'm wondering now if IPsec is the best route? Does anyone have a better suggestion? Or can point me to some good documentation on getting a Win2k8 server to talk to a RHEL box via IPsec?

Thanks for any help!

Last edited by epoh; 06-14-2011 at 04:57 PM. Reason: Issue not so solved
 
Old 06-14-2011, 10:05 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
stunnel is a great tool for things like this.
 
Old 06-14-2011, 10:21 AM   #3
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
I'm familiar with wrapping specific processes with stunnel, but not all the traffic between two boxes. I'll do some research on that. I'm definitely more comfortable with stunnel!
 
Old 06-14-2011, 10:23 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
Well surely there are only a few streams of traffic that are relevant, no? What kind of environment is this dubious link? Internet?
 
Old 06-14-2011, 11:37 AM   #5
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
Private VLANs, no internet access (from these systems.) The traffic is from MSMQ into an integrator server which translates the queue data into JMS data so that it can then go through JBoss. The whole thing's quite convoluted. The problem, though, is that while MSMQ supports certificate authentication to secure the traffic, the integration server does not (thanks IBM!)

I was looking at doing the PPPD stunnel config, but I might see if it's possible to just wrap the MSMQ traffic instead.
 
Old 06-14-2011, 11:49 AM   #6
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
I was able to isolate the port that the integration server was connecting to MSMQ and stunnel is wrapping it up nice and securely.

Thanks a bunch Chris! Simple is always so much better.
 
Old 06-14-2011, 02:39 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945
Phew, I thought I was onto a loser there!
 
Old 06-14-2011, 04:56 PM   #8
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
ARG! I said 'solved' too soon. stunnel does in fact work for the initial connection to the MSMQ, but it breaks the RMI call. *sigh*
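
The single-port stunnel wrap discussed in posts #6 and #8, sketched as a pair of configurations. This is an added example, not the poster's actual setup; the host name, port numbers and file names are placeholders, since the thread does not give them.

```ini
; ---- stunnel.conf on the Windows 2008 host (MSMQ side, TLS server) ----
; All names and ports below are placeholders for illustration.
cert   = msmq-host.pem        ; this host's certificate
key    = msmq-host.key        ; matching private key
CAfile = internal-ca.pem      ; CA that issued the peer's certificate
verify = 2                    ; require and verify a peer certificate

[msmq]
accept  = 11801               ; TLS listener reachable from the RHEL box
connect = 127.0.0.1:1801      ; local cleartext MSMQ listener (assumed port)

; ---- stunnel.conf on the RHEL 5.6 host (integration server side, TLS client) ----
client = yes
cert   = integrator.pem
key    = integrator.key
CAfile = internal-ca.pem
verify = 2

[msmq]
accept  = 127.0.0.1:1801                  ; integration server is pointed here
connect = win2k8.example.internal:11801   ; placeholder host name
```

Only the service named in a section is encrypted: a connection the application opens to any other host or port does not pass through stunnel, so each such stream needs its own section or a host-level mechanism such as IPsec. With `verify = 2` on both sides, each end also rejects peers whose certificate was not issued by the listed CA.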
 
  

