Re: Can't set up an IPsec tunnel.

From: Kerin Millar (kerin@recruit2recruit.net)
Date: 01/24/02


Date: Thu, 24 Jan 2002 19:26:35 -0000
From: "Kerin Millar" <kerin@recruit2recruit.net>
To: <freebsd-security@freebsd.org>

Haven't had much experience with IPSEC myself but maybe this document will help: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

Of course it is Linux specific but it seems to cover the masquerading topic adequately, and presumably the parts about setting up the firewall should be easily adaptable to IPFW. Here is an interesting excerpt from the document:

<BEGIN>
If you are setting up a masqueraded VPN server, you will also have to obtain and install the following two packages:

To redirect the inbound TCP/UDP traffic (the 1723/tcp PPTP control channel or the 500/udp ISAKMP channel), you need the appropriate ipportfw port-forwarding kernel patch and configuration tool from http://www.ox.compsoc.org.uk/~steve/portforwarding.html. Port forwarding has been incorporated into the 2.2.x kernel. See man ipmasqadm for configuration details. If ipmasqadm is not included with your distribution it can be obtained at http://juanjox.kernelnotes.org/.

To redirect the initial inbound tunnel traffic (GRE for PPTP and ESP for IPsec), you need the ipfwd generic-IP redirector from http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/.

You do not need port forwarding or ipfwd if you are masquerading only clients.
<END>

Regards,

Kerin Millar
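The excerpt above distinguishes two mechanisms: a port forwarder (ipmasqadm) that keys on transport port, and a generic-IP redirector (ipfwd) for GRE and ESP, which have no port field. The following added example, which is neither the HOWTO's code nor the poster's, models that dispatch decision over constructed IPv4 packets so the difference is visible: 500/udp and 1723/tcp can be matched on destination port, while ESP (protocol 50) and GRE (protocol 47) can only be matched on protocol number, so a masquerading gateway can hand each of them to exactly one internal host. The internal server address, the peer and gateway addresses, and the sample packets are all hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers for the four protocols the HOWTO excerpt names
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_GRE = 47   # PPTP tunnel data
PROTO_ESP = 50   # IPsec tunnel data

# Hypothetical internal VPN server behind the masquerading gateway
VPN_SERVER = "192.168.1.10"

# Port-forward table, keyed by (protocol, destination port) the way an
# ipmasqadm-style port forwarder would be.
PORT_FORWARDS = {
    (PROTO_TCP, 1723): VPN_SERVER,  # PPTP control channel
    (PROTO_UDP, 500): VPN_SERVER,   # ISAKMP / IKE
}

# Protocol-forward table, keyed by protocol only the way an ipfwd-style
# generic-IP redirector would be: no port to key on, so one host per protocol.
PROTO_FORWARDS = {
    PROTO_GRE: VPN_SERVER,
    PROTO_ESP: VPN_SERVER,
}


@dataclass
class Decision:
    action: str            # "port-forward", "proto-forward" or "local"
    target: Optional[str]  # internal host the packet is rewritten to, if any
    reason: str


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (header checksum left as 0; constructed test data only)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )
    return header + payload


def parse_ipv4(pkt: bytes):
    """Return (proto, src, dst, payload) from a raw IPv4 packet, checking version and IHL."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, proto = pkt[0], pkt[9]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def classify_inbound(pkt: bytes) -> Decision:
    """Decide how a masquerading gateway would dispatch one inbound packet."""
    proto, _src, _dst, payload = parse_ipv4(pkt)
    if proto in (PROTO_TCP, PROTO_UDP):
        # TCP and UDP both start with 16-bit source and destination ports
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        _sport, dport = struct.unpack("!HH", payload[:4])
        target = PORT_FORWARDS.get((proto, dport))
        if target is not None:
            return Decision("port-forward", target,
                            f"proto {proto}/port {dport} matches a port-forward entry")
        return Decision("local", None, f"proto {proto}/port {dport}: no port-forward entry")
    if proto in PROTO_FORWARDS:
        # ESP and GRE carry no port field, so the whole protocol goes to one host
        return Decision("proto-forward", PROTO_FORWARDS[proto],
                        f"proto {proto} has no port field; whole protocol goes to one host")
    return Decision("local", None, f"proto {proto}: not forwarded")


# Constructed sample packets (addresses from the RFC 5737 documentation ranges)
GATEWAY = "198.51.100.1"
PEER = "203.0.113.5"
SAMPLE_IKE = build_ipv4(PROTO_UDP, PEER, GATEWAY,
                        struct.pack("!HHHH", 500, 500, 8 + 28, 0) + b"\x00" * 28)
SAMPLE_PPTP = build_ipv4(PROTO_TCP, PEER, GATEWAY,
                         struct.pack("!HH", 40000, 1723) + b"\x00" * 16)
SAMPLE_ESP = build_ipv4(PROTO_ESP, PEER, GATEWAY,
                        struct.pack("!II", 0xDEADBEEF, 1) + b"\x00" * 16)
SAMPLE_GRE = build_ipv4(PROTO_GRE, PEER, GATEWAY, b"\x00" * 12)
SAMPLE_SSH = build_ipv4(PROTO_TCP, PEER, GATEWAY,
                        struct.pack("!HH", 40001, 22) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in [("IKE", SAMPLE_IKE), ("PPTP", SAMPLE_PPTP), ("ESP", SAMPLE_ESP),
                      ("GRE", SAMPLE_GRE), ("SSH", SAMPLE_SSH)]:
        d = classify_inbound(pkt)
        print(f"{name:5} -> {d.action:13} {d.target or '-':14} ({d.reason})")
```

The practical consequence for the setup in the excerpt is that the port-forward table can in principle send different ports to different hosts, but the protocol-forward table cannot: every inbound ESP or GRE packet goes to the single host configured for that protocol, so only one masqueraded VPN server per tunnel protocol can sit behind the gateway. The last sentence of the excerpt follows from the same model: a masqueraded client initiates its own connections outbound, so the gateway already has state for the return traffic and needs neither table.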
