[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] freeswan, VPN, firewall, roadwarrior setup (was: Re: [suse-security] Wanted: SuSEfirewall2 config)
* Kostyal Daniel wrote on Wed, Jul 16, 2003 at 16:57 +0300:
> 1 Suse 8.0, 2 NIC's, freeswan VPN. All I want is to use the VPN, have acces
> from the remote network to the Samba service installed on the same computer,
> and to access ssh from anywhere. Nothing else. Thanx.
I have SuSE 8.2 as roadwarrior with freeswan + SuSEfirewall2.
The SuSEfirewall2 seems to make a lot of assumptions. It seems
you either live with it, or don't use it :-) for instance,
FW_SERVICE_AUTODETECT="yes" seems to work only if the services
are running locally (otherwise, I couldn't imagine how it should
Please correct me if I'm wrong and give improved examples!
Setup: ipsec0 with 192.168.1.0/24 <-> 192.168.2.0/24. eth1
1. if you allow something from ext, you have to allow it for
to allow everyone (!) to access ISAKMP and ESP/AH.
2. make ipsec0 an internal interface:
3. Try to make it working. I set
(it seems to be assumed, that trusted networks are on the
internal interfaces only, because it seems an explicit DROP
rule is cerated on external interface)
to disable "rp_filter" feature. It seems to be assumed that
you either want many or none of the kernel security features.
5. Because I just have one external interface and no DMZ, I set:
I didn't found a FW_ALLOW_INTERNAL_ROUTING or
Finally, the portscan from external looks good so I can live with
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here