FreeS/WAN - Routing all traffic (0.0.0.0) through a client tunnel

From: Kevin Thorley (elron8711@hotmail.com)
Date: 02/20/02


From: elron8711@hotmail.com (Kevin Thorley)
Date: 20 Feb 2002 08:28:22 -0800

This is a message I posted to comp.os.linux.networking.... I thought
this group might be a better place for it.

Hello everyone... I'm hoping someone can give me some insight into a
project I am working on. I would like to set up my home network with
the following config:

                          ---firewall---
   home_lan-----router---< > --- WAN (ISP)
                          ---freeswan---

I have 2 static IPs, so both the firewall and VPN device are
accessible from the internet. I understand how to set up a basic
branch office in this configuration, and how to set up a basic client
connection. What I would like to know, however, is whether it is possible
to set the client to forward ALL traffic through the tunnel. In effect, I
want the client to be subject to the same rules as the rest of the LAN
(in other words, all client traffic goes through the firewall).

I have experience with this type of configuration using a Nortel
Contivity switch, but have never tried it with FreeS/WAN. With the
Nortel device, anything that comes in through the tunnel is dumped out
onto the private network, would go through the LAN router, and then on
to the firewall and back out to the internet. Is this how FreeS/WAN
works? Do I need to do any specific configuration?

An example... the user types in a request for CNN.com. The request is
placed in a packet and pushed through the tunnel (as is all traffic).
The packet gets to the other end of the tunnel, is un-encapsulated,
and then... where does it go? Does FreeS/WAN forward it out the
public interface or private interface?

I hope this is all not too confusing to read, though I think it may
be. Any help is appreciated... thanks!!

Kevin Thorley


