
Re: How to make a working VPN



On Wed, 4 Feb 2004, Daniel Miller wrote:

> But how do I do this for external clients?  Are there particular ports I 
> need to open?  Does using IPSEC eliminate the need for an IPTABLES 
> firewall?  With these two routers, do I need to configure special 
> port/ip forwarding?

So your freeswan install is on foxy?  If so, you need to open up

                iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
                iptables -A INPUT -p esp -j ACCEPT

on foxy, and the same in FORWARD and INPUT (I think) on stonewall.  You 
will also need DNAT to forward udp 500 and esp received on stonewall's 
external interface to foxy's external interface.  You may need SNAT to 
make outward-bound IKE packets appear to be coming from port 500.

Good luck
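
The stonewall side of the reply above (DNAT, FORWARD and SNAT for udp 500 and esp), written out as an added example that is not part of the original message. The function name is hypothetical, and the interface name and addresses in the usage comment are constructed placeholders. It only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print the iptables rules for the outer router ("stonewall")
# that pass IKE (udp/500) and ESP (IP protocol 50) through to the FreeS/WAN
# gateway ("foxy"). Nothing is applied; review the output, then pipe it to
# sh as root.
stonewall_ipsec_rules() {
    ext_if=$1 ext_ip=$2 foxy_ip=$3
    if [ -z "$ext_if" ] || [ -z "$ext_ip" ] || [ -z "$foxy_ip" ]; then
        echo "usage: stonewall_ipsec_rules EXT_IF EXT_IP FOXY_IP" >&2
        return 2
    fi
    cat <<EOF
# DNAT: IKE and ESP arriving on the external interface go to foxy
iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p udp --dport 500 -j DNAT --to-destination $foxy_ip:500
iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p esp -j DNAT --to-destination $foxy_ip
# FORWARD: allow only that traffic, in both directions
iptables -A FORWARD -i $ext_if -d $foxy_ip -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -i $ext_if -d $foxy_ip -p esp -j ACCEPT
iptables -A FORWARD -o $ext_if -s $foxy_ip -p udp --sport 500 -j ACCEPT
iptables -A FORWARD -o $ext_if -s $foxy_ip -p esp -j ACCEPT
# SNAT: outbound IKE keeps source port 500; ESP leaves from the external address
iptables -t nat -A POSTROUTING -o $ext_if -s $foxy_ip -p udp --sport 500 -j SNAT --to-source $ext_ip:500
iptables -t nat -A POSTROUTING -o $ext_if -s $foxy_ip -p esp -j SNAT --to-source $ext_ip
EOF
}

# Constructed sample values, not taken from the thread:
# stonewall_ipsec_rules eth0 192.0.2.1 10.0.0.2
```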


