Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] VPN masquerading
>i have read lots of newsgroups and howto's and until now have not found a
>definitive answer to the question:
>how do i forward the necessary protocols (not the ports, for pptp or ipsec)
>to a masqueraded

Port 500 UDP, Protocol 50,51 for freeswan

>vpn server, or is it possible at all using susefirewall2 and iptables?
>most people seem to agree that it is indeed possible using iptables without
>susefirewall2,

Of course, it's just a script and you could write your own!

>but even then i have not found a working solution up to now.
>if anybody knows a patch for the susefirewall2 script or the necessary rules
>to put in the custom script which is called at the end of the config file,
>please help me out. anything that works is appreciated...

You sound a little desperate. Don't be!

edit /etc/rc.config.d/firewall2.rc.config

snip
---
FW_DEV_INT="eth0 ipsec0"
FW_ROUTE="yes"
FW_ALLOW_CLASS_ROUTING="yes"
---
snap

and to prevent masquerading

snip
----
# 19.)
# Say yes, if you use IPSEC
# Defaults to "no"
#
FW_IPSEC="yes"
#
# 20.)
# IPSEC device
#
FW_DEV_IPSEC="ipsec0"

# 21.)
# local/remote network
# masquerading is disabled through the tunnel automatically,
# if you enabled it above
#
FW_IPSEC_LOCALNET="192.168.x.x/24"
FW_IPSEC_REMOTENET="192.168.x.x/24"
----
snap

The resource for the latest script version is:

http://www.suse.com/~marc/SuSEfirewall2-2.1.tar.gz

Hope that helps

Yours

Michael
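
Added example, not part of the original mail and not SuSEfirewall2's own rule set: a shell function that prints (does not apply) plain iptables rules with the same intent as the settings quoted above, namely UDP 500 and protocols 50/51 accepted, ipsec0 traffic routed, and tunnel traffic kept out of masquerading. The external interface name `eth1` and the two /24 networks are constructed assumptions.

```shell
#!/bin/sh
# Added example: emits iptables commands as text so they can be reviewed first.

# Return 0 if $1 looks like a.b.c.d/len with octets <= 255 and len <= 32.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}          # split the address part into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# usage: gen_ipsec_rules EXT_IF IPSEC_IF LOCALNET REMOTENET
gen_ipsec_rules() {
    ext_if=$1; ipsec_if=$2; localnet=$3; remotenet=$4
    valid_cidr "$localnet" && valid_cidr "$remotenet" || {
        echo "error: networks must be given as a.b.c.d/len" >&2; return 2; }
    # Identical nets on both ends would make the NAT exemption match LAN traffic.
    [ "$localnet" != "$remotenet" ] || {
        echo "error: local and remote net must differ" >&2; return 2; }
    cat <<EOF
# IKE (UDP 500) and the ESP (50) / AH (51) protocols reach the gateway
iptables -A INPUT -i $ext_if -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $ext_if -p 50 -j ACCEPT
iptables -A INPUT -i $ext_if -p 51 -j ACCEPT
# Decrypted tunnel traffic is routed between the LAN and the remote net
iptables -A FORWARD -i $ipsec_if -s $remotenet -d $localnet -j ACCEPT
iptables -A FORWARD -o $ipsec_if -s $localnet -d $remotenet -j ACCEPT
# Exempt tunnel traffic from NAT; this rule must come before masquerading
iptables -t nat -A POSTROUTING -s $localnet -d $remotenet -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -s $localnet -j MASQUERADE
EOF
}

# Constructed sample values (assumptions, not taken from the mail)
gen_ipsec_rules eth1 ipsec0 192.168.1.0/24 192.168.2.0/24
```

The function rejects the literal `192.168.x.x/24` placeholder from the config excerpt, so real networks have to be filled in before any rules are produced.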


