[Openswan Users] one router or two

[lars]

hi, sibu,

I would recommend to set up the latter -  you will have the advantage 
of double control over whom may get to your lan and whom not. I wouldnt 
expose my openswan-gateway so directly to the internet when the LAN is 
directly conected to it.

we are working here with a similar szenario and it works well.

greetings



lasseboo



Am 13.07.2005 um 13:33 schrieb sibusiso xolo:

> Greetings,
>
> I am new to this list.  I am planning to set up two wan/ipsec routers.
> ADSL/ppp connections are available.  I would like to know which of the
> following is the  best way
>
> Setup1: 1 router  and adsl/ppp interface to  internet, Ethernet 
> interface to
> internal network, the machine has  iptables firewall script and  all 
> machines
> on the local network uses  this machine as their default gateway.  This
> machine also has openswan installed, with  ipsec.conf etc al
>
> Setup2. 2 routers, the first a lan/internet router with adsl/ppp 
> interface and
> internal network connected to Ethernet interface.   A second machine 
> (on the
> local network)  serves as the  wan/ipsec router.   The 
> iptables/firewall
> script on the first router forward the relevant ports to this second 
> machine.
>
> advice would be appreciated.
>
> Sincerely
> Sibu Xolo
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>