LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 06-14-2011, 10:47 AM   #1
epoh
Member
 
Registered: Jan 2008
Posts: 73

Rep: Reputation: 15
Win2k8 to RHEL5.6 secure communications help!


We are in the process of setting up and new order management system at my work. Everything is secure, except for one bit. Traffic from a Windows 2008 server to a RHEL 5.6 64bit is unencrypted and will be transmitting CC data (big no-no.) We have to determine a way to encrypt this traffic without causing any additional cost to the project (as always!)

I assumed I could just setup an IPsec connection between the two, but I am not so much of a windows admin and my testing is not going well. I've got the connection setup on the linux side, but I can't get it setup properly on the windows side.

I'm wondering know if IPsec is the best route? Does anyone have a better suggestion? Or can point me to some good documentation on getting an Win2k8 server to talk to a RHEL box via IPsec?

Thanks for any help!

Last edited by epoh; 06-14-2011 at 05:57 PM. Reason: Issue not so solved
 
Old 06-14-2011, 11:05 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
stunnel is a great tool for things like this.
 
Old 06-14-2011, 11:21 AM   #3
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
I'm familiar with wrapping specific processes with stunnel, but not all the traffic between two boxes. I'll do some research on that. I'm definitely more comfortable with stunnel!
 
Old 06-14-2011, 11:23 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Well surely there are only a few streams of traffic that are relevant, no? What kind of environment is this dubious link? Internet?
 
Old 06-14-2011, 12:37 PM   #5
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
Private VLANs, no internet access (from these systems.) The traffic is from MSMQ into an integrator server which translates the queue data into JMS data so that it can then go through JBoss. The whole thing's quite convoluted. The problem, though, is that while MSMQ supports certificate authentication to secure the traffic, the integration server does not (thanks IBM!)

I was looking at doing the PPPD stunnel config, but I might see if it's possible to just wrap the MSMQ traffic instead.
 
Old 06-14-2011, 12:49 PM   #6
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
I was able to isolate the port that the integration server was connecting to MSMQ and stunnel is wrapping it up nice and securely.

Thanks a bunch Chris! Simple is always so much better.
 
Old 06-14-2011, 03:39 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Phew, I thought I was onto a loser there!
 
Old 06-14-2011, 05:56 PM   #8
epoh
Member
 
Registered: Jan 2008
Posts: 73

Original Poster
Rep: Reputation: 15
ARG! I said 'solved' too soon. stunnel does in fact work for the initial connection to the MSMQ, but it breaks the RMI call. *sigh*
 
  


Reply

Tags
ipsec


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Converting Xen RAW image to KVM qcow2 makes Win2k8 guest BSOD Savaan Linux - Virtualization and Cloud 9 12-31-2011 12:59 PM
Mapping ubuntu drive via rdesktop to win2k8 is giving me sleepless nights bryngeo Linux - Networking 1 05-10-2010 02:57 PM
Creating a secure RHEL5 image laggerific Linux - Security 6 08-13-2009 02:00 PM
IPsec to secure client-gateway communications acidmax Linux - Networking 0 01-31-2005 12:33 PM


All times are GMT -5. The time now is 06:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration