keeping people off the net
Alex Satrapa
grail at goldweb.com.au
Tue Feb 4 02:24:07 EST 2003
On Sunday, February 2, 2003, at 10:40 , Brett Lymn wrote:
> Usually when I make the suggstion that follows I get stunned
> silence... ah well here we go.
Okay, no stunned silence, but unstunned noise... the main reasons I
couldn't get FreeS/WAN to work for me in the past include:
- trying to get firewall box to do NAT *and* IPSec
- setting up routes dynamically (OpenVPN allows VPN to be reconfigured
when the remote end disappears)
- lack of knowledge of the workings fo IPSec and FreeS/WAN.
But I'm getting there :)
Configuring the firewall should be possible by processing all protocol
50 (IPSec) packets separately to normal IP packets. Once again, there
are problems with dynamic configuration here - when the remote end gets
assigned a new IP address, I've yet to figure out how to update the
firewall rules automagically.
If there's a facility for doing so already, I'd love to hear about it 8)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 225 bytes
Desc: not available
Url : http://lists.samba.org/archive/wireless/attachments/20030204/423dc3f3/attachment.bin
More information about the wireless
mailing list