[Openswan Users] Firewalling a vpn connection
Paul Wouters
paul at xelerance.com
Thu Aug 18 20:46:16 CEST 2005
On Thu, 18 Aug 2005, Fred Strauss wrote:
> Is there anyway for iptables to distinguish between a packet that came
> across the vpn and packets that didn't? Or, is there a way to get an
> ipsec interface somehow, so that I can seperately firewall that
> interface?
The easiest way is to use KLIPS instead of NETKEY. KLIPS is the Openswan
kernel module for IPsec. You can either compile it yourself from source,
or grab a premade RPM from ftp.openswan.org.
RPMs for KLIPS for 2.4.0rc1 will hopefully be available later today.
Paul
More information about the Users
mailing list