Mailinglist Archive: opensuse-security (421 mails)
Re: [suse-security] Ipsec + firewall
- From: Steffen Dettmer <steffen@xxxxxxx>
- Date: Thu, 21 Jun 2001 00:10:30 +0200
- Message-id: <20010621001029.M11793@xxxxxxxxx>
* Schulz, Wolfgang wrote on Wed, Jun 20, 2001 at 10:22 +0200:
> Is there any way to use masquerading and ipsec on the same gateway
> (firewall)?
Yes, but you cannot masquerade IPSec tunnels (don't mix that). If
the tunnel starts on the machine which does masquerading you usually
want that tunneled connections not to be masqueraded - so adapt
the masquerading rules. Please note that you must not masquerade
IPSec traffic (proto 50/51).
> If this is not possible with ipsec - is this maybe possible with cipe (I
> only know the name till now).
I guess it would, but IPSec is somewhat more platform
independent and my choice. With SuSE 7.0/7.1 it's easy to set up
IPSec, just install freeswan.rpm (well, I'm not sure if that RPM
is available for recent kernel updates, so you may get a problem
here, check FTP server), edit ipsec.conf according to the
documentation and run it :)
oki,
Steffen
--
This letter was generated by machine,
it therefore bears neither signature nor seal.
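
Added example, not part of the message above: a small check that walks a NAT POSTROUTING rule set in order and reports whether tunnelled traffic or IPSec protocols 50/51 would hit a masquerading rule before an exemption. It assumes iptables-save syntax, which the message does not mention; the interface name, subnets and addresses are constructed.

```python
import ipaddress
import shlex

# Constructed nat-table samples in iptables-save form. iptables syntax, the
# interface name and all addresses are assumptions made for this example.
WEAK = "-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE\n"
FIXED = (
    "-A POSTROUTING -o eth0 -p esp -j ACCEPT\n"  # proto 50 leaves untouched
    "-A POSTROUTING -o eth0 -p ah -j ACCEPT\n"   # proto 51 leaves untouched
    "-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT\n"  # tunnel
    + WEAK
)
PROTO_NAMES = {"50": "esp", "51": "ah"}


def parse(text):
    """POSTROUTING rules as option->value dicts (plain pairs, no '!')."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-A", "POSTROUTING"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def first_target(rules, src, dst, proto, out_if):
    """Target of the first matching rule; rule order decides the outcome."""
    for r in rules:
        if ("-j" in r
                and ("-s" not in r or in_net(src, r["-s"]))
                and ("-d" not in r or in_net(dst, r["-d"]))
                and ("-p" not in r or PROTO_NAMES.get(r["-p"], r["-p"]) == proto)
                and ("-o" not in r or r["-o"] == out_if)):
            return r["-j"]
    return "ACCEPT"  # chain policy: packet leaves without translation


def audit(text, lan_host, remote_host, peer_gw, out_if):
    """Names of the traffic classes that the rule set would masquerade."""
    rules = parse(text)
    probes = [
        ("tunnelled LAN-to-LAN", lan_host, remote_host, "tcp"),
        ("ESP (proto 50)", lan_host, peer_gw, "esp"),
        ("AH (proto 51)", lan_host, peer_gw, "ah"),
    ]
    return [name for name, src, dst, proto in probes
            if first_target(rules, src, dst, proto, out_if) == "MASQUERADE"]
```

Ordinary Internet-bound traffic from the LAN still reaches the MASQUERADE rule in FIXED; only the exemptions placed ahead of it change the result.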