[Shorewall-users] IPSEC VPN & Shorewall
Tue, 22 Jan 2002 10:25:55 -0800
I am trying to set up an IPSEC VPN with Gauntlet on one end and an IPTABLES
based firewall on the other. Needless to say, I went the smart route and
am using SHOREWALL on my Linux box.
I put the following entry into my /etc/shorewall/tunnels file (the IP
addresses have been changed to protect the innocent):
# TYPE    ZONE    GATEWAY           GATEWAY ZONE
ipsec     net     22.214.171.124
Where 126.96.36.199 is the GAUNTLET box.
Now, there are several RFC1918 address blocks behind that 188.8.131.52 router.
Should I create a zone which contains all those blocks and put that in the
"GATEWAY ZONE" parameter?
Also, I read in the IPSEC docs that the "tunnelled" packets should NOT be
masq'ed. Is that correct?
The SHOREWALL firewall is protecting another 192.168 address block (that is
NOT being used on the other side of 184.108.40.206).
Also, how does one handle DNS so that addresses on the other side of the
tunnel can be resolved?
Any help (pointers to docs, etc.) would be GREATLY appreciated.