[Openswan Users] Is this a proper use for OpenS/WAN?
Paul Wouters
paul at xelerance.com
Sun Mar 14 12:47:11 CET 2004
On Sat, 13 Mar 2004, Faber Fedor wrote:
> 1. Are there any known problems with setting up a VPN tunnel with a
> LinkSys BEFSX41 router/firewall/VPN endpoint?
I believe people have used this before.
> 2. I want to do my testing between a Fedora Core 1 box and a database
> server running Red Hat 8.0. The actual installation will be on a Red
> Hat 8.0 box. Any known problems?
Yes, but don't use FC2, since that uses the 2.6 kernel with new ipsec code.
> I am extremely paranoid. I don't like the fact that I'm opening a hole
> in the firewall and that the website will have in its possession credit
> card information. However, the requirement states that this is all done
> in realtime.
Your biggest problem will be if the webserver is compromised and sends *new*
credit card information it gets from visitors elsewhere.
> So what I was thinking was this: set up a VPN tunnel between the website
> and the database servers. The tunnel naturally goes through the
> firewall.
It seems better than no vpn, but that is almost always the case. Still, don't
give the webserver a vpn into the entire local firewalled network, but just to
a single dropoff server.
Paul
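
The advice above to give the web server a tunnel to a single drop-off server only, rather than the whole firewalled network, can be checked mechanically. This is an added example, not part of the original message: a Python sketch that reads ipsec.conf-style text from the web server and flags any conn whose rightsubnet covers more than one address. It assumes left is the web server and right is the firewall side; the connection names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample of the web server's ipsec.conf. Connection names and
# addresses are placeholders (documentation/private ranges), not from the thread.
SAMPLE_CONF = """\
conn web-to-lan
    left=192.0.2.10
    right=198.51.100.1
    rightsubnet=10.0.0.0/24
    auto=start

conn web-to-dropoff
    left=192.0.2.10
    right=198.51.100.1
    rightsubnet=10.0.0.25/32
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def wide_tunnels(text, key="rightsubnet"):
    """List (conn, subnet, address_count) where the tunnel reaches more than one host."""
    findings = []
    for name, opts in parse_conns(text).items():
        if key in opts:
            net = ipaddress.ip_network(opts[key], strict=False)
            if net.num_addresses > 1:
                findings.append((name, str(net), net.num_addresses))
    return findings

if __name__ == "__main__":
    for name, net, count in wide_tunnels(SAMPLE_CONF):
        print(f"{name}: rightsubnet {net} exposes {count} addresses; narrow it to a /32")
```

A conn with no rightsubnet is not flagged, since such a tunnel reaches only the right endpoint itself.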