
Re: [SLUG] freeswan



> I want to run a debian firewall with freeswan for internet and a VPN
> tunnel.  IPSEC with IKE and a shared secret.

> This box will be built from scratch on a minimal hard disk, P100
> processor.  It must redirect my internal network to the internet.  It
> will redirect specific IP addresses through freeswan VPN  (10.x.x.x
> series and other).

One thing to make sure of is the capabilities of what you are
connecting to. If another Linux box, fine. If a commercial router,
check that it is capable of doing encryption better than single DES
(e.g. triple DES). For example, if it's a Cisco box, you may need to
check the code revision level. Freeswan doesn't support straight
DES; they consider it insecure (even though it is part of the standard).

Adding freeswan to a kernel, compiling and installing isn't _too_
bad. Be sure to read the docs. There are (were, six months ago)
non-approved patches to allow single DES, but these are extremely
fiddly.

One more thing. If the remote end (behind their firewall) is 10.x.y.0 
and you are 10.p.q.0, this may have implications for gatewaying.
I've not had to fiddle with this, but I imagine if x != p and
you use a bigger (smaller?) netmask, then it will work.

Good luck
Jamie

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
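
The address-overlap question raised in the reply above, worked through as an added example (not part of the original post): it checks whether the local and remote subnets a tunnel would protect are distinct, and finds the shortest netmask at which two 10.x networks stop colliding. The addresses 10.1.2.0, 10.3.4.0 and 10.1.9.0 are constructed stand-ins for 10.p.q.0 and 10.x.y.0, and the function names are this example's own.

```python
import ipaddress


def classify(local: str, remote: str) -> str:
    """Relationship between the two subnets a tunnel would protect."""
    a = ipaddress.ip_network(local, strict=False)
    b = ipaddress.ip_network(remote, strict=False)
    if a == b:
        return "identical"      # both ends claim the same range
    if a.overlaps(b):
        return "overlapping"    # one range sits inside the other
    return "disjoint"           # the gateway can tell the two sides apart


def min_disjoint_prefix(local_addr: str, remote_addr: str):
    """Shortest prefix length at which the two networks become disjoint.

    Returns None when the addresses are equal, since no netmask can
    separate them.
    """
    a = int(ipaddress.IPv4Address(local_addr))
    b = int(ipaddress.IPv4Address(remote_addr))
    diff = a ^ b
    if diff == 0:
        return None
    # The highest differing bit must fall inside the network part.
    return 32 - diff.bit_length() + 1


# Constructed sample pairs: (local subnet, remote subnet)
SAMPLES = [
    ("10.1.2.0/8", "10.3.4.0/8"),     # whole 10/8 on both sides
    ("10.1.2.0/16", "10.3.4.0/16"),   # second octet differs
    ("10.1.2.0/24", "10.1.9.0/24"),   # second octet equal, third differs
    ("10.1.2.0/24", "10.1.0.0/16"),   # local range nested in remote range
]


def report():
    """Classification and minimum usable prefix for each sample pair."""
    rows = []
    for local, remote in SAMPLES:
        prefix = min_disjoint_prefix(local.split("/")[0], remote.split("/")[0])
        rows.append((local, remote, classify(local, remote), prefix))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-14s %-14s %-12s min prefix /%s" % row)
```

Only pairs reported as disjoint give the gateway an unambiguous choice between the local interface and the tunnel for a given destination.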