Mailinglist Archive: opensuse-security (375 mails)
Re: [suse-security] how to enable ipsec over firewall?
- From: Stefan Hoffmeister <suse.mailinglist@xxxxxxxxx>
- Date: Wed, 18 Sep 2002 16:13:33 +0200
- Message-id: <252hous96lq7eckg871uv4suf148d88c05@xxxxxxx>
On Mon, 16 Sep 2002 21:23:38 +0200, Jochen Staerk wrote:
>I need to have access to an external cisco VPN 5000 system from a
>windows box through a Suse Linux Masquerading Router (NAT to German
>T-DSL), the Suse Linux is 6.4 with a 2.2er kernel.
While I have never tried this with a _SuSE_ router, experience shows
that
    W2K client   ->  Linux NAT router     ->  IPSec server
    192.168.x.x      <public/dynamic IP>      <public/static IP>
can work well.
My configuration is a fli4l floppy router (http://www.fli4l.de/) which
comes with an almost pristine 2.2.19 kernel, but with the VPN
masquerading patch of
http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html
applied. This patch, among other things, gets you an
ip_masq_ipsec
masquerading module which will do the IPSec magic, to the extent it is
possible.
I have no idea whether the SuSE kernels have the VPN masquerading patch
integrated. All I know is that I can do IPSec just fine through the
above-mentioned configuration.