Re: How to make a working VPN
On Wed, 4 Feb 2004, Daniel Miller wrote:
> But how do I do this for external clients? Are there particular ports I
> need to open? Does using IPSEC eliminate the need for an IPTABLES
> firewall? With these two routers, do I need to configure special
> port/ip forwarding?
So your freeswan install is on foxy? If so, you need to open up
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
on foxy, and the same in FORWARD and INPUT (I think) on stonewall. You
will also need DNAT to forward udp 500 and esp received on stonewall's
external interface to foxy's external interface. You may need SNAT to
make outward bound IKE packets appear to be coming from port 500.
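Here is the stonewall side of that setup as an added example script (not from this thread or the FreeS/WAN project); the addresses, the interface name and the DRY_RUN printing mode are constructed for illustration, and foxy keeps its own INPUT rules quoted in the reply. Because the DNAT happens in PREROUTING, the forwarded IKE and ESP traffic is matched in stonewall's FORWARD chain rather than INPUT.

```shell
#!/bin/sh
# Constructed example values: replace with the real addresses.
EXT_IF=eth0                 # stonewall's external interface
STONEWALL_EXT=203.0.113.10  # address on that interface
FOXY_EXT=192.168.1.20       # foxy's external interface (behind stonewall)

# With DRY_RUN=1 (the default here) the rules are printed instead of applied,
# so the script can be reviewed before it touches a live firewall.
ipt() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

stonewall_rules() {
  # Let IKE (UDP 500) and ESP (IP protocol 50) reach stonewall itself.
  ipt -A INPUT -i "$EXT_IF" -p udp --sport 500 --dport 500 -j ACCEPT
  ipt -A INPUT -i "$EXT_IF" -p esp -j ACCEPT
  # Allow the DNATed IKE and ESP packets to be forwarded on to foxy ...
  ipt -A FORWARD -i "$EXT_IF" -d "$FOXY_EXT" -p udp --dport 500 -j ACCEPT
  ipt -A FORWARD -i "$EXT_IF" -d "$FOXY_EXT" -p esp -j ACCEPT
  # ... and foxy's own IKE and ESP to be forwarded back out.
  ipt -A FORWARD -o "$EXT_IF" -s "$FOXY_EXT" -p udp --dport 500 -j ACCEPT
  ipt -A FORWARD -o "$EXT_IF" -s "$FOXY_EXT" -p esp -j ACCEPT
  # DNAT: IKE and ESP arriving on stonewall's external interface go to foxy.
  ipt -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport 500 \
      -j DNAT --to-destination "$FOXY_EXT:500"
  ipt -t nat -A PREROUTING -i "$EXT_IF" -p esp \
      -j DNAT --to-destination "$FOXY_EXT"
  # SNAT: foxy's outbound IKE must leave from stonewall's address, port 500,
  # or the remote peer will reply to a port its policy does not expect.
  ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$FOXY_EXT" -p udp --dport 500 \
      -j SNAT --to-source "$STONEWALL_EXT:500"
  ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$FOXY_EXT" -p esp \
      -j SNAT --to-source "$STONEWALL_EXT"
}

stonewall_rules
```

Run with `DRY_RUN=0` as root to apply the rules; only one internal host can be mapped this way, since ESP carries no port to distinguish several tunnels behind the same NAT.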