Northe, Juergen
2002-Oct-06 23:17 UTC
[Shorewall-users] FreeSwan-Gateway behind a Firewall
I built a lab here with the configuration shown below. Everything works fine here at home with my crossover cables ;-) But a VPN is worth nothing when it is not connected to the internet. Before I do that, it must be bulletproof.

Now I found at FreeSwan-HowTo.html#non-routable, http://jixen.tripod.com, that the FreeSwan interface must have a routable, non-RFC1918 IP address, except when the FreeSwan box masquerades the interface and replaces these addresses before they reach the internet.

- Do I have to masquerade the packets for 10.1.6.1 at the IPSEC gateway and/or at the firewall?
- Can I establish such a tunnel, where the endpoint as well as the net behind it is a private-IP LAN? (..yes, now I am confused whether it works at all..)

LAN (172.20.0.0/16)
|
|
|
|  <-(eth0:172.20.6.2)
FreeSwan GW with Shorewall, using tunnel
|| <-(eth1:10.1.6.2, ipsec listens here)
||
||
|| <-(eth0:10.1.6.1)
Firewall: running Shorewall .., let udp500,ipv6-crypt,ipv6-auth pass through
|| <-(eth1:212.123.5.1)
||
||
|| <-(router 212.123.5.3)
Internet
||
||
||
|| <-(dhcp 0.0.0.0)
RoadWarrior

Jürgen Northe
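An added example, not part of Jürgen's post and not his configuration: a Shorewall fragment for the outer firewall (the 10.1.6.1 / 212.123.5.1 box in the diagram) that forwards the three kinds of traffic he lists (udp 500, ipv6-crypt, ipv6-auth) to the FreeS/WAN gateway at 10.1.6.2, and masquerades the 10.1.6.0/24 side on the way out. It follows the Shorewall rules-file column layout (ACTION, SOURCE, DEST, PROTO, DEST PORT). The zone names `net` and `loc` are assumptions; the addresses are the ones from the diagram.

```conf
# /etc/shorewall/rules on the outer firewall (added example, not the poster's config).
# Assumed zone names: "net" = eth1 (212.123.5.1), "loc" = eth0 (10.1.6.1).
# The protocols are the ones named in the post: udp 500 is ISAKMP/IKE,
# ipv6-crypt is ESP (IP protocol 50), ipv6-auth is AH (IP protocol 51).
#
#ACTION   SOURCE   DEST              PROTO   DEST PORT(S)
# IKE negotiation from the road warrior, handed to the FreeS/WAN gateway
DNAT      net      loc:10.1.6.2      udp     500
# ESP has no ports; the whole protocol is forwarded to the one gateway host.
# ESP tunnel mode does not authenticate the outer IP header, so the
# destination rewrite 212.123.5.1 -> 10.1.6.2 does not break it.
DNAT      net      loc:10.1.6.2      50
# AH does cover the outer IP header in its integrity check, so it will fail
# after the address rewrite; forwarding it is harmless, but the tunnel should
# be negotiated with ESP-only proposals.
DNAT      net      loc:10.1.6.2      51

# /etc/shorewall/masq on the outer firewall: traffic from the 10.1.6.0/24 side
# leaves eth1 with source address 212.123.5.1. This is the masquerading the
# FreeS/WAN HOWTO refers to; without it the private 10.1.6.2 address never
# reaches the internet at all.
#INTERFACE   SUBNET
eth1         10.1.6.0/24
```

The inbound DNAT rules answer only the firewall side of the question: the masquerade step happens on the firewall, not on the IPsec gateway, and the road warrior sees 212.123.5.1 as the tunnel endpoint. Whether the gateway itself is happy to negotiate with its private 10.1.6.2 address behind that rewrite is a FreeS/WAN configuration matter that this fragment does not settle.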