[Openswan Users] WINS resolution and firewall ruleset for ipsec0

Paul Wouters paul at xelerance.com
Wed Dec 8 14:26:57 CET 2004


On Wed, 8 Dec 2004, Craig Schneider wrote:

> Was just wondering if in my firewall ruleset I can have a default policy
> of ACCEPT for ipsec0?
>
> Am I correct in assuming that only once authenticated will traffic be
> allowed to traverse this interface? And communication will be encrypted?

Yes, you are right. Of course, authenticated traffic can still be malicious,
if the other ipsec endpoint has been compromised by viruses or malware.

> I am also having a problem with WINS resolution across my VPN/L2TP link,
> any ideas? I have used the ms-wins and ms-dns settings in options.l2tpd.

Usually, WINS problems are due to:
- Not all subnets are using the same WINS server (check dhcp), or
- No WINS synchronisation (check a zillion knowledge base articles at Microsoft)
- Multiple WINS servers are running in a local subnet.
- Some hosts do not use WINS (e.g. DHCP doesn't provide it or it is disabled
   in the manual settings of the tcp/ip properties)

Paul

