[Firehol-support] OpenSwan and firehol

Costa Tsaousis costa at tsaousis.gr
Wed Mar 11 10:35:02 CET 2009


Munroe Sollog wrote:
> I am trying to configure a network to network VPN using OpenSwan.  High
> level what I *think* I have to do is
> 1)Allow ESP traffic through
> 2)not MASQ traffic bound for the remote network
Hi,

Well, I don't know either. You have two options:

1. Find some documentation on how this should be done with iptables.
Post it here, and I'll try to help you configure firehol.

or

2. Do it step by step:

a. Make sure your VPN works without any firewall active, or with a trust 
relationship between the two hosts of the VPN.
b. Start your firewalls (without adding anything for the VPN).
c. Attempt to connect your VPN. Most probably it will fail, but you will 
have logs for the packets that failed to go through.
d. Based on the packets dropped, create services to allow these packets 
to flow.
e. Repeat (b), (c) and (d) until no packet related to your VPN is dropped.
f. Once done, please post here your findings so that I can add the 
services to firehol and update its documentation for the rest of the users.
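As an added illustration of steps (c) and (d), not part of the original message: a small Python script that summarises iptables LOG lines (the kernel log lines a firewall's drop logging produces) by direction, protocol and destination port, and maps each dropped flow to the IPsec component it belongs to. The log prefix, addresses and SPI in the sample are constructed placeholders.

```python
"""Summarise firewall-dropped packets from iptables LOG lines in the kernel log."""
import re
from collections import Counter

# Constructed sample (not from the original post): what /var/log/messages
# might show while an IPsec VPN is blocked. Prefix, hosts and SPI are placeholders.
SAMPLE_LOG = """\
Mar 11 10:35:01 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=136 TTL=64 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=116
Mar 11 10:35:02 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=136 TTL=64 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=116
Mar 11 10:35:03 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=152 TTL=64 ID=0 DF PROTO=ESP SPI=0x12345678
Mar 11 10:35:04 gw kernel: IN-unknown:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=152 TTL=64 ID=0 DF PROTO=ESP SPI=0x12345678
Mar 11 10:35:05 gw kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.1.10 DST=10.0.2.20 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Well-known IPsec components, keyed by (protocol, destination port).
KNOWN = {
    ("UDP", 500): "IKE key exchange (UDP/500)",
    ("UDP", 4500): "IPsec NAT traversal (UDP/4500)",
    ("ESP", None): "ESP payload (IP protocol 50)",
}

def parse_log_line(line):
    """Return the key=value fields of one LOG line, or None for non-firewall lines."""
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # keep the first LEN= (IP header), ignore the payload LEN=
    return fields

def summarize_drops(text):
    """Count dropped flows as {(direction, proto, dport): n}; dport is None for portless protocols."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        direction = "in" if f.get("IN") else "out"   # IN= is empty for outgoing packets
        dport = int(f["DPT"]) if "DPT" in f else None
        counts[(direction, f.get("PROTO"), dport)] += 1
    return dict(counts)

def needed_services(summary):
    """Name the IPsec component behind each dropped flow so a matching service can be allowed."""
    return sorted({KNOWN.get((p, d), f"unrecognised {p}/{d}") for (_, p, d) in summary})

if __name__ == "__main__":
    drops = summarize_drops(SAMPLE_LOG)
    for (direction, proto, dport), n in sorted(drops.items(), key=str):
        print(f"{direction:3} {proto:4} dport={dport} dropped={n}")
    print("needed:", ", ".join(needed_services(drops)))
```

Run it against the real log (`summarize_drops(open('/var/log/messages').read())`) after each attempt in step (c); flows still listed as unrecognised are the ones that need a closer look.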
