Re: How to make a working VPN

To: debian-firewall@lists.debian.org
Subject: Re: How to make a working VPN
From: Daniel Miller <dmiller@amfes.com>
Date: Thu, 05 Feb 2004 09:25:23 -0800
Message-id: <[🔎] 40227C83.3040407@amfes.com>
Reply-to: dmiller@amfes.com
In-reply-to: <[🔎] Pine.LNX.4.50.0402041856400.13823-100000@garibaldi.apptechsys.com>
References: <[🔎] 4021A582.6010405@amfes.com> <[🔎] Pine.LNX.4.50.0402041856400.13823-100000@garibaldi.apptechsys.com>

Jeremy Drake wrote:

On Wed, 4 Feb 2004, Daniel Miller wrote:
But how do I do this for external clients? Are there particular ports Ineed to open? Does using IPSEC eliminate the need for an IPTABLESfirewall? With these two routers, do I need to configure specialport/ip forwarding?
so your freeswan install is on foxy?

I currently have kernel 2.6 on foxy - so I'm using the ipsec-toolsthere. I'll probably upgrade stonewall as well - since I haven't beenable to get freeswan to work.

If so, you need to open up

               iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
               iptables -A INPUT -p esp -j ACCEPT
on foxy, and the same in FORWARD and INPUT (I think) on stonewall. Youwill also need DNAT to forward udp 500 and esp received on stonewall'sexternal interface to foxy's external interface. You may need SNAT tomake outward bound ike packets appear to be coming from port 500.
Good luck

So to be clear - I ONLY need to open/forward that port 500 for ALLcommunication when using IPSEC? That will let me share files usingSamba, for example?


Daniel

Reply to:

References:
- How to make a working VPN
  - From: Daniel Miller <dmiller@amfes.com>
- Re: How to make a working VPN
  - From: Jeremy Drake <jeremyd@apptechsys.com>

Prev by Date: Re: Auto starting iptables
Next by Date: unsubscribe
Previous by thread: Re: How to make a working VPN
Next by thread: RE: How to make a working VPN
Index(es):
- Date
- Thread