[Openswan dev] VPN policie and Protocol selector
Michael Richardson
mcr at sandelman.ottawa.on.ca
Fri Sep 2 22:40:00 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "david" == david <david2005.p at gmail.com> writes:
david> when I make right(and left)protoport:icmp,only this protocol
david> can be use to reach the other end of the VPN. All other
david> protocols are discarded.
>> Write a policy of "type=passthrough" for the other protocols.
david> Would this type of policy enable me to not discard the other
david> protocols but also to let them pass outside of the VPN ?
Yes.
if you don't discard them, then they will be forwarded in the clear.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQxj+7oqHRg3pndX9AQENRQP+MyK6W3E6OWezjn9pJXw7JT3pCA8Cf2A9
zVY/N5aI0sr7Jxi6pp5Vr5RsFJg7FxdXWepKo4GQLStcELRdIVrvgFF53CI6mCgL
gk08pTjMFgVXcMtIEMe2cOdJWIW23Ca7iy08C50oSTPpapE1t0i9OvY1PWWlBce/
cUwE3m9SWZw=
=7bNH
-----END PGP SIGNATURE-----
More information about the Dev
mailing list