We are in the process of setting up and new order management system at my work. Everything is secure, except for one bit. Traffic from a Windows 2008 server to a RHEL 5.6 64bit is unencrypted and will be transmitting CC data (big no-no.) We have to determine a way to encrypt this traffic without causing any additional cost to the project (as always!)

I assumed I could just setup an IPsec connection between the two, but I am not so much of a windows admin and my testing is not going well. I've got the connection setup on the linux side, but I can't get it setup properly on the windows side.

I'm wondering know if IPsec is the best route? Does anyone have a better suggestion? Or can point me to some good documentation on getting an Win2k8 server to talk to a RHEL box via IPsec?

Thanks for any help!

stunnel is a great tool for things like this.

I'm familiar with wrapping specific processes with stunnel, but not all the traffic between two boxes. I'll do some research on that. I'm definitely more comfortable with stunnel!

Well surely there are only a few streams of traffic that are relevant, no? What kind of environment is this dubious link? Internet?

Private VLANs, no internet access (from these systems.) The traffic is from MSMQ into an integrator server which translates the queue data into JMS data so that it can then go through JBoss. The whole thing's quite convoluted. The problem, though, is that while MSMQ supports certificate authentication to secure the traffic, the integration server does not (thanks IBM!)

I was looking at doing the PPPD stunnel config, but I might see if it's possible to just wrap the MSMQ traffic instead.

I was able to isolate the port that the integration server was connecting to MSMQ and stunnel is wrapping it up nice and securely.

Thanks a bunch Chris! Simple is always so much better.

Phew, I thought I was onto a loser there!

ARG! I said 'solved' too soon. stunnel does in fact work for the initial connection to the MSMQ, but it breaks the RMI call. *sigh*