[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [SLUG] freeswan



It works very nicely.  I have had a 4 site freeswan VPN running now for
about 10 months and have only had to intervene in it on about two
occasions when the tunnels mysteriously died.

I built it on the 2.2.17 kernel with freeswan 1.5

Right at the moment I am trying to build a machine to add another site and
initially tried to build on the 2.2.19 kernel, but am having compilation
errors, so I am going back to the 2.2.17 kernel to try that.

One thing to remember if you are quoting on this sort of job is that
adding another site to the VPN most probably also requires re-config of
the existing sites, so make sure that you factor this in.  In my case I
was subbing for a Windows contractor who wanted a reliable gateway, but
didn't tell me the full story.  I have since adjusted the price -
upwards. (8-)

-- 
Howard.  LANNet Computing Associates <http://lannetlinux.com>
_____________________________________________________________
"We needn't, as socialists, get too concerned about privacy;
it's a bourgeois right, closely allied to the right to private property".
                                - Former Federal Health Minister Neal Blewett,
addressing the Fabian Society in 1988 in relation to the Australia Card issue.

On Fri, 15 Jun 2001, Adam Armstrong wrote:

> I am starting to (after 3 weeks) have some success with the June 11th
> Snapshot on 2.4.5 kernel.
> 
> My advice with freeswan is:-
> 
> (1)  Read EVERYTHING first
> (2)  Get yourself a faster processor.  You may have to compile your kernel
> more than once as you get used to how it works (the first time I compiled it
> I forgot to add in ppp, for example).  Compiling the kernel on a P100 will
> take a considerable amount of time.
> (3)  When you test the first time, test from the far left subnet to the far
> right subnet.  Don't test from the gateway machines.
> 
> It's a challenge.  Satisfying when it works, though.
> 
> 
> -----Original Message-----
> From: Ken Foskey [mailto:foskey@nospam.optushome.com.au]
> Sent: Friday, 15 June 2001 1:47
> To: slug@nospam.slug.org.au
> Subject: [SLUG] freeswan
> 
> 
> 
> I want to run a debian firewall with freeswan for internet and a VPN 
> tunnel.  IPSEC with IKE and a shared secret.
> 
> This box will be built from scratch on a minimal harddisk, P100 
> processor.  It must redirect my internal network to the internet.  It 
> will redirect specific IP addresses through freeswan VPN  (10.x.x.x 
> series and other).
> 
> OK how do I configure a freeswan firewall deb package the easy way?
> Any hints or pointers?
> Any apt-get configurations?
> 
> My starting point will be 2.2 debian disks, but I have a cable modem now 
> :-) so internet installs not a problem.
> 
> There is a lot of discussion about not 2.4 kernels,  is this still current?
> 
> Thanks
> KenF
> 
> 
> 


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug