I need a shorewall to shorewall connection that will hook two networks
together. The remote subnet will have approx. 5 windoz xp clients on it that
telnet through the tunnel to a sco unix box with a win32 app. I am looking at
the shorewall examples and I am attracted to OpenVPN. The GRE is easy to get
going but I was concerned with the security warning.
    The remote subnet is not built yet. But the main site has shorewall up
already. My plans were to upgrade to the latest stable shorewall to set all
this up. The location that has had shorewall running already for years has T-1
access; the remote site has DSL.
    Since I am new to VPNs with shorewall, I am asking the experienced VPN
experts their opinions.
Thanks Mike
I would suggest freeswan - www.freeswan.org .  Tom has put excellent
information on his site regarding this type of configuration.
http://www.shorewall.net/IPSEC.htm
Marc H
-----Original Message-----
From: Mike [mailto:landers@lanlinecomputers.com] 
Sent: Friday, March 07, 2003 2:10 PM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] VPN Challange
   I need a shorewall to shorewall connection that will hook two networks
together. The remote subnet will have approx. 5 windoz xp clients on it that
telnet through the tunnel to a sco unix box with a win32 app. I am looking
at the shorewall examples and I am attracted to OpenVPN. The GRE is easy to
get going but I was concerned with the security warning.
    The remote subnet is not built yet. But the main site has shorewall up
already. My plans were to upgrade to the latest stable shorewall to set all
this up. The location that has had shorewall running already for years has
T-1 access; the remote site has DSL.
    Since I am new to VPNs with shorewall, I am asking the experienced VPN
experts their opinions.
Thanks Mike
--On Friday, March 07, 2003 03:55:32 PM -0500 Marc Harding <mharding@ecwebworks.com> wrote:
> I would suggest freeswan - www.freeswan.org . Tom has put excellent
> information on his site regarding this type of configuration.
>
> http://www.shorewall.net/IPSEC.htm
>
The attractive thing about OpenVPN is that it doesn't require kernel
patching. Until the 2.6 kernel with inbuilt IPSEC is released, IPSEC
requires a kernel patch.
-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
--On Friday, March 07, 2003 02:14:11 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:
>
> The attractive thing about OpenVPN is that it doesn't require kernel
> patching. Until the 2.6 kernel with inbuilt IPSEC is released, IPSEC
> requires a kernel patch.
And thanks to Simon Mater, there is excellent documentation describing
OpenVPN/Shorewall integration at http://www.shorewall.net/OPENVPN.html
-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net