Re: IPSec gateway configuration

Linux Advanced Routing and Traffic Control


Hi,
Indeed, PPPoE is great for this, but unfortunately, in my case I would prefer something else. For PPPoE all the auth stuff is easy, but if two clients from the same LAN try to copy from each other, they are killing the processor and the network card in the router instead of copying directly from one another via the switches. Another problem with PPPoE that I couldn't solve was strange disconnects of clients. I couldn't trace them to high CPU load or high network traffic. They simply appear to be random and, what is more, when the connection crashes, I get mismatches between the number of pppX interfaces from ifconfig output and the number of interfaces that I see in /proc/net/dev.
With the IPSec I hoped to ease some traffic from the routers and also decrease the cpu load. Also I hoped I could get rid of the nasty disconnects.


Vlad Adomnicai

Eugene Butan wrote:

Hello Vlad,

Why not just use PPPoE between your gateways and clients?
This way you will be sure that only authenticated clients will be given Internet access.


Eugene

On Monday 21 March 2005 16:12, Vlad Adomnicai wrote:


Hi,
 I'm trying to build an ipsec gateway and somewhere I'm doing something
wrong.

 I have a couple of routers that have clients in their back. All the
routers are connected into a switch. In that switch I also have a
computer that provides internet access to the clients.
  I would like to setup some sort of authentication (don't need
encryption), to allow me to give access to different services to
clients. Differentiating services I can do on the internet gateway, but
on the routers I have to be certain that a certain IP is not stolen.
 I have set up ipsec so that if a client pings his gateway, it will
work only if he has the same key as defined on the server. However, if
he pings the internet gateway, it will work, no matter what I do. I
would like the router to validate all packets to the outside LAN. Also I
would like to achieve this with the lowest CPU utilization possible
although this isn't critical. (about 150 clients behind one router
(p2-400/p3-600)).

 The documentation that I have found was only how to establish secure
connection between two computers, but what I need is to get outside of
it and if possible to not use VPN, because I want the clients that are
in the same LAN to have maximum transfer speeds.

 Thx for any suggestions in advance.

Vlad Adomnicai

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

