| Subject: | Re: Can't set up an IPsec tunnel. | |
|---|---|---|
| From: | Eric Anderson (ande...@centtech.com) | |
| Date: | Jan 24, 2002 11:29:15 am | |
| List: | org.freebsd.freebsd-security | |
I think the real problem is he has a SEPARATE host in between his two IPSEC boxes.
Eric
Kerin Millar wrote:
Haven't had much experience with IPSEC myself but maybe this document will help:
http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html
Of course it is Linux specific but it seems to cover the masquerading topic
adequately, and presumably the parts about setting up the firewall should be
easily adaptable to IPFW. Here is an interesting excerpt from the document:
<BEGIN>
If you are setting up a masqueraded VPN server, you will also have to obtain and
install the following two packages:
To redirect the inbound TCP/UDP traffic (the 1723/tcp PPTP control channel or
the 500/udp ISAKMP channel), you need the appropriate ipportfw port-forwarding
kernel patch and configuration tool from
http://www.ox.compsoc.org.uk/~steve/portforwarding.html. Port forwarding has
been incorporated into the 2.2.x kernel. See man ipmasqadm for configuration
details. If ipmasqadm is not included with your distribution it can be obtained
at http://juanjox.kernelnotes.org/.
To redirect the initial inbound tunnel traffic (GRE for PPTP and ESP for IPsec),
you need the ipfwd generic-IP redirector from
http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/.
You do not need port forwarding or ipfwd if you are masquerading only clients.
<END>
Regards,
Kerin Millar
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
--
------------------------------------------------------------------
Eric Anderson    ande...@centtech.com    Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------
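
Added example, not part of the original message or the quoted HOWTO: a small IPv4 classifier showing why the excerpt splits the inbound traffic into two groups, port-forwardable control channels (1723/tcp, 500/udp) and port-less tunnel protocols (GRE, ESP) that need a protocol-level redirect. The function names, sample packets and addresses are constructed for illustration.

```python
import struct

# IANA protocol numbers: TCP=6, UDP=17, GRE=47, ESP=50.
PORT_FORWARD = {(6, 1723): "PPTP control", (17, 500): "ISAKMP"}
PROTO_REDIRECT = {47: "GRE (PPTP data)", 50: "ESP (IPsec data)"}

def classify(packet: bytes) -> str:
    """Say how a masquerading gateway must treat one inbound IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length, options included
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto in PROTO_REDIRECT:           # no ports: whole protocol is redirected
        return "protocol-redirect: " + PROTO_REDIRECT[proto]
    if proto in (6, 17):
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset:                   # later fragments carry no L4 header
            return "other"
        if len(packet) < ihl + 4:
            return "malformed"
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if (proto, dport) in PORT_FORWARD:
            return "port-forward: " + PORT_FORWARD[(proto, dport)]
    return "other"

def ipv4(proto, payload, options=b"", frag=0):
    """Build a constructed IPv4 packet (documentation addresses, zero checksum)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                      ihl * 4 + len(payload), 0, frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "isakmp": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "esp": ipv4(50, struct.pack("!II", 0x1000, 1)),
    "pptp": ipv4(6, struct.pack("!HH", 40000, 1723) + bytes(16), options=b"\x01" * 4),
    "gre": ipv4(47, b"\x30\x01\x88\x0b"),
    "dns": ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0)),
    "udp-fragment": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0), frag=185),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} {classify(pkt)}")
```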