Good day,

I was thinking of running IPSEC on our existing Firewall running Shorewall ver. 1.4.8, you mentioned that in order to run IPSEC and ProxyArp together I must first upgrade to Shorewall 2.0.1 Beta 3 or later. Or I apply the fix to Shorewall 2.0.0.

Once I do that and properly configure Freeswan "IPSEC" and Shorewall, how many VPN connections would I be able to pass through the tunnel? We have a total of 8 workstations that we're thinking of configuring for VPN connectivity from one company to another. Are there any such limitations that I need to address before I'd be able to do something like that?

Thanks,
James

Redhat 9.0
Kernel 2.4.20-28.9
Shorewall version 1.4.8

James Lopez wrote:
> Good day,
>
> I was thinking of running IPSEC on our existing Firewall running Shorewall ver. 1.4.8, you mentioned that in order to run IPSEC and ProxyArp
> together I must first upgrade to Shorewall 2.0.1 Beta 3 or later. Or I apply the fix to Shorewall 2.0.0.
>

Or look up the original patch and apply it to 1.4.8 -- it's a one-liner.

> Once I do that and properly configure Freeswan "IPSEC" and Shorewall, how many VPN connections would I be able to pass through the tunnel? We have a
> total of 8 workstations that we're thinking of configuring for VPN connectivity from one
> company to another. Are there any such limitations that I need to address before I'd be able to do something like that?

There are certainly none in Shorewall. I can't speak for FreeS/Wan.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom Eastep wrote:
>> address before I'd be able to do something like that?
>
> There are certainly none in Shorewall. I can't speak for FreeS/Wan.
>

I should also add my humble opinion that unless you absolutely need IPSEC for interoperability, then OpenVPN is probably a better solution.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

> Tom Eastep wrote:
>
> >> address before I'd be able to do something like that?
> >
> > There are certainly none in Shorewall. I can't speak for FreeS/Wan.
> >
>
> I should also add my humble opinion that unless you absolutely need
> IPSEC for interoperability, then OpenVPN is probably a better solution.
>
> -Tom

I can concur with Tom; he advised me on similar questions over a year ago. I have used OpenVPN in several different businesses and it has been rock solid since, with multiple VPNs on the office firewall talking to multiple other buildings. (The most: 3 buildings connected to the same office.) Power outages, resets, ISP going down, you name it, and OpenVPN would come back up. I have not had one problem with it. I used LZO with OpenVPN as well for auto compression for large file transfers.

From my recent post you can see I have set up IPsec (that was required from a mothership), and it's been up for about a week with no trouble running Shorewall 2.0.2a. I upgraded from 1.4.8 without any trouble. I did not change anything after upgrading. I am still trying to figure out actions. For now I just use rules as always.

Mike