I need a shorewall to shorewall connection that will hook two networks together. The remote subnet will have appx. 5 windoz xp clients on it that telnet through the tunnel to a sco unix box with a win32 app. I am looking at the shorewall examples and I am attracted to OpenVPN. The gre is easy to get going but I was concerned with the security warning. The remote subnet is not built yet, but the main site has shorewall up already. My plans were to upgrade to the latest stable shorewall to set all this up. The location that has had shorewall running already for years has T-1 access; the remote site has DSL. Since I am new to VPNs with shorewall, I am asking the experienced VPN experts their opinions.

Thanks
Mike

I would suggest freeswan - www.freeswan.org . Tom has put excellent information on his site regarding this type of configuration.

http://www.shorewall.net/IPSEC.htm

Marc H

-----Original Message-----
From: Mike [mailto:landers@lanlinecomputers.com]
Sent: Friday, March 07, 2003 2:10 PM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] VPN Challange

--On Friday, March 07, 2003 03:55:32 PM -0500 Marc Harding <mharding@ecwebworks.com> wrote:

> I would suggest freeswan - www.freeswan.org . Tom has put excellent
> information on his site regarding this type of configuration.
>
> http://www.shorewall.net/IPSEC.htm
>

The attractive thing about OpenVPN is that it doesn't require kernel patching. Until the 2.6 kernel with inbuilt IPSEC is released, IPSEC requires a kernel patch.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

--On Friday, March 07, 2003 02:14:11 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

>
> The attractive thing about OpenVPN is that it doesn't require kernel
> patching. Until the 2.6 kernel with inbuilt IPSEC is released, IPSEC
> requires a kernel patch.

And thanks to Simon Mater, there is excellent documentation describing OpenVPN/Shorewall integration at http://www.shorewall.net/OPENVPN.html

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net