Re: Ipsec - vpn on iptables

From: Cédric Blancher (blancher@cartel-info.fr)
Date: 09/10/01


Subject: Re: Ipsec - vpn on iptables
From: Cédric Blancher <blancher@cartel-info.fr>
To: red@bluewin.ch
Date: 10 Sep 2001 00:04:02 +0200
Message-Id: <1000073046.596.7.camel@elendil>

On Sat, 2001-09-08 at 10:38, red@bluewin.ch wrote:
> I'm using a Linux with iptables for firewall
> I would like to install ipsec to connect for vpn, and I might need some
> help.
> My questions:
> 1. Is there a good how-to manual for creating the ipsec/vpn somewhere on
> the net ?

For me, the best VPN implementation for Linux is actually FreeS/WAN
(http://www.freeswan.org/). On the site, you can find quite complete
documentation. For more specific questions, there's a lot of stuff in
the linux-ipsec mailing-list archives.

When firewalling IPSEC tunnels, you must be careful with:
        IKE protocol (key exchange): UDP:500 to UDP:500
        ESP (encrypted payload): IP protocol 50
        AH (authentication header, not always used): IP protocol 51

> 2. To connect to this vpn with a win2000-client, which possibilities do
> exist ?

See the mailing list, some posts cover this topic. I even remember
someone wrote a paper about this (URL is posted on mailing list, maybe
see Google).
 

-- 
Cédric Blancher
Systems and network security consultant
Cartel Informatique - Groupe CGBI - http://www.cartel-info.fr/
Tel: 01 44 06 97 87 - Fax: 01 44 06 97 99
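
The three traffic classes listed in the reply above, written as iptables rules limited to a single known peer. This is an added example, not part of the original post; the function name ipsec_rules, the interface eth0 and the peer address 203.0.113.10 are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: print iptables rules for the IPsec traffic listed above,
# limited to one known peer. Nothing is applied; review the output first.

# ipsec_rules WAN_IF PEER_IP [yes|no]   (third argument: also allow AH)
ipsec_rules() {
    wan_if=$1
    peer=$2
    use_ah=${3:-no}

    # Accept only a plain interface name and a digits-and-dots address, so
    # the generated lines cannot carry shell metacharacters.
    case $wan_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    case $peer in
        ''|*[!0-9.]*) echo "bad peer address: $peer" >&2; return 1 ;;
    esac

    # IKE (key exchange): UDP port 500 to UDP port 500, both directions.
    echo "iptables -A INPUT -i $wan_if -p udp -s $peer --sport 500 --dport 500 -j ACCEPT"
    echo "iptables -A OUTPUT -o $wan_if -p udp -d $peer --sport 500 --dport 500 -j ACCEPT"

    # ESP (encrypted payload): IP protocol 50. It has no ports to match on.
    echo "iptables -A INPUT -i $wan_if -p 50 -s $peer -j ACCEPT"
    echo "iptables -A OUTPUT -o $wan_if -p 50 -d $peer -j ACCEPT"

    # AH (authentication header): IP protocol 51, only when the tunnel uses it.
    if [ "$use_ah" = yes ]; then
        echo "iptables -A INPUT -i $wan_if -p 51 -s $peer -j ACCEPT"
        echo "iptables -A OUTPUT -o $wan_if -p 51 -d $peer -j ACCEPT"
    fi
}

# Constructed sample values: eth0 and a documentation-range peer address.
ipsec_rules eth0 203.0.113.10 yes
```

Because -A appends, in a chain that already ends with an explicit DROP or REJECT rule these lines belong above that rule in the firewall script.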


