tony.chamberlain@xxxxxxxxx wrote:
Has anyone had experience with Freeswan? We have a situation where say there is a Linux machine in City 1 with IP address 10.0.0.10 (for example) and a Linux machine in City 2 with an IP address of 10.0.0.20 (for example). Now these machines are in different cities, so machine 1 cannot just open a socket on 10.0.0.20 because machine 2 is on a different network. Each machine does have a router, say City 1 is 65.15.47.28 (for example). To get into City 1from outside the network you go through thr router, use 65.15.47.28 which routes into the LAN. The same for City 2. For a unix process on 10.0.0.10 to send to 10.0.0.20 it would have to send to 65.15.47.28 which would route it in. Problem is, its from address would be 10.0.0.10, which the machine at 10.0.0.20 wouldn't know about. A process on 10.0.0.20 would have to do something similar to respond. Now these machines have to actually be able to use each others' 10.0.0.X addresses. I assume this is possible via a VPN. They don't have any Cicsco VPNs or anything, and they asked whether it is possible just using Linux (CentOS) to set up a VPN. I did a bit of searching and found a couple things. Freeswan seemed to be the most promising, though other packages could be just as good.
I use openvpn; it's a user-land VPN solution, works well, scales well, has good docs.
Is the above scenario possible with Freeswan or can you recommend some other way?
When I was looking (years ago) Freeswan and Openswan had doubtful-looking futures and were relatively difficult to set up. Kernel patches, as I recall.
-- Cheers John -- spambait 1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-) -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list