[Firehol-support] OpenSwan and firehol
costa at tsaousis.gr
Wed Mar 11 10:35:02 CET 2009
Munroe Sollog wrote:
> I am trying to configure a network to network VPN using OpenSwan. High
> level, what I *think* I have to do is:
> 1) Allow ESP traffic through
> 2) Not MASQ traffic bound for the remote network
Well, I don't know either. You have two options:
1. Find some documentation on how this should be done with iptables.
Post it here, and I'll try to help you configure firehol.
2. Do it step by step:
a. Make sure your VPN works without any firewall active, or with a trust
relationship between the two hosts of the VPN.
b. Start your firewalls (without adding anything for the VPN).
c. Attempt to connect your VPN. Most probably it will fail, but you will
have logs for the packets that failed to go through.
d. Based on the packets dropped, create services to allow these packets.
e. Repeat (b), (c) and (d) until no packet related to your VPN is dropped.
f. Once done, please post your findings here so that I can add the
services to firehol and update its documentation for the rest of the users.
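An added example for steps (c) and (d), not part of this thread or of firehol itself: a small Python script that tallies netfilter drop-log lines by direction, protocol and destination port and marks which of them are the IKE, NAT-Traversal and ESP flows an IPsec tunnel needs. The log lines are constructed, and the descriptions are plain IPsec facts rather than firehol service names.

```python
import re
from collections import Counter

# Constructed netfilter LOG lines (the field layout is the kernel's; hosts,
# interfaces and counts are made up for this example). Trailing fields trimmed.
SAMPLE_LOG = """\
Mar 11 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=216 TTL=64 PROTO=UDP SPT=500 DPT=500 LEN=196
Mar 11 10:01:02 gw kernel: IN= OUT=eth0 SRC=198.51.100.20 DST=203.0.113.10 LEN=216 TTL=64 PROTO=UDP SPT=500 DPT=500 LEN=196
Mar 11 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=136 TTL=64 PROTO=ESP SPI=0x1a2b3c4d
Mar 11 10:01:03 gw kernel: IN= OUT=eth0 SRC=198.51.100.20 DST=203.0.113.10 LEN=136 TTL=64 PROTO=ESP SPI=0x4d3c2b1a
Mar 11 10:01:04 gw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=100 TTL=64 PROTO=UDP SPT=4500 DPT=4500 LEN=80
Mar 11 10:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=60 TTL=64 PROTO=TCP SPT=44321 DPT=22 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

# What each (protocol, destination port) is. These are standard IPsec facts,
# given as descriptions only; mapping them to firehol services is up to you.
KNOWN = {
    ("ESP", None): "ESP (IP protocol 50): the encrypted tunnel packets",
    ("UDP", "500"): "IKE (udp/500): key exchange",
    ("UDP", "4500"): "IPsec NAT-Traversal (udp/4500)",
}

def parse_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line, or None."""
    return dict(FIELD_RE.findall(line)) if "PROTO=" in line else None

def summarize_drops(log_text):
    """Count dropped packets by (direction, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        # IN only = packet for this host, OUT only = sent by this host, both = forwarded
        direction = "fwd" if f.get("IN") and f.get("OUT") else ("in" if f.get("IN") else "out")
        dport = f.get("DPT") if f["PROTO"] in ("TCP", "UDP") else None
        counts[(direction, f["PROTO"], dport)] += 1
    return counts

def classify(counts):
    """Split the drop counts into IPsec-related flows and everything else."""
    vpn, other = {}, {}
    for key, n in counts.items():
        desc = KNOWN.get(key[1:])          # key[1:] is (protocol, dport)
        (vpn if desc else other)[key] = (n, desc)
    return vpn, other
```

Feed it the dropped-packet lines from your own logs instead of SAMPLE_LOG; anything that lands in the "other" dictionary is unrelated to the tunnel and should not be opened just to make the VPN work.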