Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] how to enable ipsec over firewall?
>To be honest, I'd prefer masquerading instead of NAT (sorry, I used to
>use those terms synonymously)... do I need Free S/Wan then? In the HowTo
>(http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html) they speak about a
>kernel patch or module, too, but this one seems to be a different one.
>
>How would I do VPN masquerading with Suse Linux?
>

Sorry, but if you do VirtualPrivateNetworking, you don't have
to masquerade your IPs, because they normally are private, not
internet routable, but you even have to route, in case of freeswan
left and right subnet, to each other through the corresponding ipsec
device (freeswan does that automagically for you (eroutes)).
VPN gateways talk to each other with their public ip and the known
udp 500/prot50 mechanism.

For your [NAT|MASQ] question:

http://open-source.arkoon.net/

There is the NAT-traversal patch that works fine
for me. I've got a masquerading/NATing router
between me and the other freeswan gateway.

RTFM to check out compliance with other IPSec
products.

Yours

Michael
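
The left/right subnet setup described in the reply above, as an added example that is not part of the original mail: a FreeS/WAN `ipsec.conf` connection section for two gateways with private subnets behind them. The connection name and all addresses are constructed placeholders (documentation and private ranges), and pre-shared-key authentication is an assumption.

```conf
# /etc/ipsec.conf fragment (constructed example, not from the original mail)
conn office-to-branch
    # "left" gateway: its public address and the private subnet behind it
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    leftnexthop=192.0.2.254
    # "right" gateway: its public address and the private subnet behind it
    right=198.51.100.1
    rightsubnet=10.2.0.0/24
    rightnexthop=198.51.100.254
    # assumption: pre-shared key, stored in /etc/ipsec.secrets
    authby=secret
    # bring the tunnel up when ipsec starts
    auto=start
```

With a section like this, traffic between 10.1.0.0/24 and 10.2.0.0/24 is routed through the ipsec device and is not masqueraded; any firewall between the two gateways only sees UDP 500 and IP protocol 50 between 192.0.2.1 and 198.51.100.1.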
