[Openswan Users] Firewalling a vpn connection

Paul Wouters paul at xelerance.com
Thu Aug 18 20:46:16 CEST 2005


On Thu, 18 Aug 2005, Fred Strauss wrote:

> Is there any way for iptables to distinguish between a packet that came
> across the vpn and packets that didn't? Or, is there a way to get an
> ipsec interface somehow, so that I can separately firewall that
> interface?

The easiest way is to use KLIPS instead of NETKEY. KLIPS is the Openswan
kernel module for IPsec. You can either compile it yourself from source,
or grab a premade RPM from ftp.openswan.org.

RPMs for KLIPS for 2.4.0rc1 will hopefully be available later today.

Paul

