[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to make a working VPN

Jeremy Drake wrote:

On Wed, 4 Feb 2004, Daniel Miller wrote:

But how do I do this for external clients? Are there particular ports I need to open? Does using IPSEC eliminate the need for an IPTABLES firewall? With these two routers, do I need to configure special port/ip forwarding?

so your freeswan install is on foxy?
I currently have kernel 2.6 on foxy - so I'm using the ipsec-tools there. I'll probably upgrade stonewall as well - since I haven't been able to get freeswan to work.

If so, you need to open up

               iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
               iptables -A INPUT -p esp -j ACCEPT
on foxy, and the same in FORWARD and INPUT (I think) on stonewall. You will also need DNAT to forward udp 500 and esp received on stonewall's external interface to foxy's external interface. You may need SNAT to make outward bound ike packets appear to be coming from port 500.

Good luck

So to be clear - I ONLY need to open/forward that port 500 for ALL communication when using IPSEC? That will let me share files using Samba, for example?


Reply to: