12 Aug 2001 16:17
Hi,

I'm using SuSE 7.0 with ipchains and FreeS/WAN 1.91. I've got a question, in general, about FreeS/WAN and firewall rules with ipchains.

Is it a possible security problem to allow all traffic for everyone on the ipsec0 interface? I have got some roadwarriors (IPsec clients with dynamic IP) and I can't tie up the firewall rules because of the changing IP address. For a gateway it's no problem because the IP within the tunnel is static, but with a roadwarrior the IP is dynamic, so can anyone give me a hint if it is problematic to have an 'any' rule on the ipsec0 interface?

I think the traffic on the ipsec0 interface is encrypted and therefore authenticated by the configured tunnel, so it should be no security risk?

Thanks
Markus