[Shorewall-users] IPSEC VPN & Shorewall

Emmett Hogan shorewall@lexielou.com
Tue, 22 Jan 2002 10:25:55 -0800



Hi Folks,

I am trying to set up an IPSEC VPN with Gauntlet on one end and an IPTABLES 
based firewall on the other.  Needless to say, I went the smart route and 
am using SHOREWALL on my Linux box.

I put the following entry into my /etc/shorewall/tunnels file (the IP 
addresses have been changed to protect the innocent):

# TYPE          ZONE    GATEWAY         GATEWAY ZONE
ipsec           net     1.2.3.4

Where 1.2.3.4 is the GAUNTLET box.

Now, there are several RFC1918 address blocks behind that 1.2.3.4 router, 
should I create a zone which contains all those blocks and put that in the 
"GATEWAY ZONE" parameter?

Also, I read in the IPSEC docs that the "tunnelled" packets should NOT be 
masq'ed.  Is that correct?

The SHOREWALL firewall is protecting another 192.168 address block (that is 
NOT being used on the other side of 1.2.3.4).

Also, how does one handle DNS so that addresses on the other side of the 
tunnel can be resolved?

Any help (pointers to docs, etc.) would be GREATLY appreciated.

Thanks!

-Emmett 
