Re: FreeSWAN VPN gateway+firewall combo..: SOLVED

I had a problem like the one you mentioned using freeswan. It looks like the routes are generated by OE (opportunistic encryption); you need to disable that in order to prevent those extra routes.

Now I'm using openswan 1.0.4, a fork of freeswan, because the freeswan
project is no longer in active development.

Here is the freeswan announcement:
http://www.freeswan.org/ending_letter.html

BR,
Matías.

Tony Gogoi wrote:
| Thanks to a mail from one of the list members, I looked at the routing
| table and removed the extra "default" and removed other extraneous
| entries too. The VPN gateway can now handle both VPN and non-vpn traffic.
|
| So, it was an issue with the routing table rather than the firewall
| scripts.
|
| I'll now look at why ipsec causes those extra entries in the routing table.
|
| On Wed, 20 Oct 2004, Tony Gogoi wrote:
|
|
|>
|>If there is some way of packet filtering on the basis of source and
|>destination address to be able to control on which interface a packet may
|>be sent out, that would be great.
|>
|>While starting IPSEC, route command shows 2 defaults! on interfaces eth0
|>and ipsec0. Right now non-vpn traffic is being routed through ipsec0
|>whenever IPSEC is "up". Is there a way to direct packets to a particular
|>interface of my choosing? That way all packets whose protocol types are
|>not VPN protocol types could be directed on that interface.
|>
|>On Wed, 20 Oct 2004, Tony Gogoi wrote:
|>
|>>Is there a way to distinguish between VPN and Non-VPN traffic in iptables
|>>while the VPN tunnel is "up"?
|>>
|>>Any hints will be appreciated.
|>>
|>>Thanks,
|>>Tony
|>>
|>>
|>
|>
|>
|>Tony Gogoi
|>
|
|
|
|
| Tony Gogoi
| -
| : send the line "unsubscribe linux-admin" in
| the body of a message to majordomo@xxxxxxxxxxxxxxx
| More majordomo info at  http://vger.kernel.org/majordomo-info.html
|

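
A check for the symptom discussed in this thread (a second "default" appearing on ipsec0 while the tunnel is up), as an added example that is not part of the original messages. The function names and the sample routing table are constructed for illustration; it also flags /1 routes on an ipsecN interface, which goes beyond the case described in the thread.

```shell
# Added example, not from the thread. check_default_routes (hypothetical name)
# reads `route -n` output on stdin, prints one line per finding, returns 1 if any.
check_default_routes() {
    awk '
        # Keep only data rows (8 columns, dotted-quad destination).
        NF != 8 || $1 !~ /^[0-9]+\./ { next }
        { on_ipsec = ($8 ~ /^ipsec[0-9]+$/) }
        # Default route: destination 0.0.0.0 with genmask 0.0.0.0.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            n++
            ifaces = ifaces (n > 1 ? "," : "") $8
            if (on_ipsec) {
                printf "DEFAULT_VIA_IPSEC iface=%s gw=%s\n", $8, $2
                bad = 1
            }
            next
        }
        # A /1 route (genmask 128.0.0.0) beats any default by longest-prefix match.
        $3 == "128.0.0.0" && on_ipsec {
            printf "HALF_DEFAULT_VIA_IPSEC dst=%s iface=%s\n", $1, $8
            bad = 1
        }
        END {
            if (n > 1) {
                printf "MULTIPLE_DEFAULTS count=%d ifaces=%s\n", n, ifaces
                bad = 1
            }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample (documentation addresses): tunnel up, extra default on ipsec0.
sample_routes_tunnel_up() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.20.0.0       192.0.2.1       255.255.0.0     UG    0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
EOF
}

# Constructed sample: the same table with the extra ipsec0 default removed.
sample_routes_fixed() {
    sample_routes_tunnel_up | awk '!($1 == "0.0.0.0" && $8 == "ipsec0")'
}
sample_routes_tunnel_up | check_default_routes || echo "routing table needs attention"
```

On a live gateway, feed it `route -n` once with the tunnel down and once with it up; a finding that appears only in the second run points at the IPsec startup rather than the firewall scripts.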