Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] VPN masquerading
>thanks for your help, but as far as i see these settings are for a vpn
>endpoint *at* the firewall (firewall == vpn server, otherwise i wouldn't
>have an ipsec0 interface (or am i missing something)). what i try to
>achieve is forward the vpn to a masqueraded server (i.e. a server with a
>private ip address). the variant vpn server == firewall would work, but
>sadly is not an option for our configuration.

Sorry for misunderstanding your problem. As some of the follow-ups already
describe, there are patches for the kernel and the freeswan sources to go
through such a NATing gateway.

I run such a patch that does what I expected. My working example goes as
follows:

subnet1 --- priv.ip.addr.int:priv.ip.addr.ext--------priv.ip.addr.int:public.ip.addr.ext:-----
LAN___________IPSEC-ROUTER_______________NAT_ROUTER_____

public.ip.addr.ext:priv.ip.addr.int:-----------subnet2
__IPSEC_ROUTER__________________LAN

I chose:

kernel 2.4.18 from ftp.kernel.org
freeswan 1.97 from ftp.xs4all.nl

and patch from

http://open-source.arkoon.net/ and all works fine after some hours :O)

Yours

Michael



