Date: Thu, 24 Jan 2002 19:26:35 -0000
From: "Kerin Millar" <kerin@recruit2recruit.net>
To: <freebsd-security@freebsd.org>
Subject: Re: Can't set up an IPsec tunnel.
Message-ID: <F6EDFA037E2BA541851DFEFDAF759EB9054E08@newmedia-serve.newmedia-lan.net>

Haven't had much experience with IPSEC myself but maybe this document will help:

http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

Of course it is Linux specific but it seems to cover the masquerading topic adequately, and presumably the parts about setting up the firewall should be easily adaptable to IPFW. Here is an interesting excerpt from the document:

<BEGIN>

If you are setting up a masqueraded VPN server, you will also have to obtain and install the following two packages:

To redirect the inbound TCP/UDP traffic (the 1723/tcp PPTP control channel or the 500/udp ISAKMP channel), you need the appropriate ipportfw port-forwarding kernel patch and configuration tool from http://www.ox.compsoc.org.uk/~steve/portforwarding.html. Port forwarding has been incorporated into the 2.2.x kernel. See man ipmasqadm for configuration details. If ipmasqadm is not included with your distribution it can be obtained at http://juanjox.kernelnotes.org/.

To redirect the initial inbound tunnel traffic (GRE for PPTP and ESP for IPsec), you need the ipfwd generic-IP redirector from http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/.

You do not need port forwarding or ipfwd if you are masquerading only clients.

<END>

Regards,

Kerin Millar
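
The split the excerpt describes, as an added example that is not part of the original message or the HOWTO: the ISAKMP and PPTP control channels carry port numbers and can be port-forwarded, while ESP and GRE have no ports and need a whole-protocol redirect. The function names and the sample packets (built inline with documentation-range addresses) are constructed for illustration.

```python
import struct

# IP protocol numbers and ports named in the excerpt above.
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
PPTP_CONTROL_PORT, ISAKMP_PORT = 1723, 500

def classify(packet: bytes) -> str:
    """Say which redirection mechanism an inbound IPv4 packet needs."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    # GRE and ESP have no port fields, so a port forwarder cannot match them.
    if proto == PROTO_GRE:
        return "ip-redirect (GRE, PPTP tunnel)"
    if proto == PROTO_ESP:
        return "ip-redirect (ESP, IPsec tunnel)"
    if proto not in (PROTO_TCP, PROTO_UDP):
        return "not VPN traffic"
    # Only the first fragment carries the TCP/UDP header.
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return "fragment (no port information)"
    if len(packet) < ihl + 4:
        raise ValueError("truncated transport header")
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    if proto == PROTO_TCP and dport == PPTP_CONTROL_PORT:
        return "port-forward (1723/tcp PPTP control)"
    if proto == PROTO_UDP and dport == ISAKMP_PORT:
        return "port-forward (500/udp ISAKMP)"
    return "not VPN traffic"

def build_ipv4(proto: int, payload: bytes, frag_offset: int = 0) -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset & 0x1FFF, 64, proto, 0,
                         bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return header + payload

def ports(sport: int, dport: int) -> bytes:
    """First four bytes of a TCP or UDP header."""
    return struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    samples = {"ISAKMP": build_ipv4(PROTO_UDP, ports(500, 500) + bytes(4)),
               "PPTP control": build_ipv4(PROTO_TCP, ports(40000, 1723) + bytes(16)),
               "ESP": build_ipv4(PROTO_ESP, bytes(8)),
               "GRE": build_ipv4(PROTO_GRE, bytes(8))}
    for name, pkt in samples.items():
        print(f"{name:13} -> {classify(pkt)}")
```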