Date: Thu, 24 Jan 2002 19:26:35 -0000 From: "Kerin Millar" <kerin@recruit2recruit.net> To: <freebsd-security@freebsd.org> Subject: Re: Can't set up an IPsec tunnel. Message-ID: <F6EDFA037E2BA541851DFEFDAF759EB9054E08@newmedia-serve.newmedia-lan.net>
next in thread | raw e-mail | index | archive | help
Haven't had much experience with IPSEC myself but maybe this document will help: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html Of course it is Linux specific but it seems to cover the masquerading topic adequately, and presumably the parts about setting up the firewall should be easily adaptable to IPFW. Here is an interesting excerpt from the document: <BEGIN> If you are setting up a masqueraded VPN server, you will also have to obtain and install the following two packages: To redirect the inbound TCP/UDP traffic (the 1723/tcp PPTP control channel or the 500/udp ISAKMP channel), you need the appropriate ipportfw port-forwarding kernel patch and configuration tool from http://www.ox.compsoc.org.uk/~steve/portforwarding.html. Port forwarding has been incorporated into the 2.2.x kernel. See man ipmasqadm for configuration details. If ipmasqadm is not included with your distribution it can be obtained at http://juanjox.kernelnotes.org/. To redirect the initial inbound tunnel traffic (GRE for PPTP and ESP for IPsec), you need the ipfwd generic-IP redirector from http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/. You do not need port forwarding or ipfwd if you are masquerading only clients." <END> Regards, Kerin Millar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F6EDFA037E2BA541851DFEFDAF759EB9054E08>