[Openswan Users] How to accept only VPN traffic
Axel Mueller
axel.mueller at avanux.de
Sun Jan 2 22:47:32 CET 2005
I'm using OpenSwan to encrypt WLAN traffic. Using FreeSwan on a 2.4
linux machine I used to accept DHCP traffic on the WLAN interface but
blocked everything else. WLAN traffic besides DHCP was only accepted on
the ipsec0 interface.
Using OpenSwan on 2.6 kernel now (without klips) there is no ipsec0
interface anymore. Not a big problem I thought: Open port 500 on WLAN
interface, accept all traffic using protocol 50 and 51 and block
everything else. However, even though ipsec is up and running, traffic
from VPN client to VPN gateway still goes directly to destination port
(e.g. DNS to 53, HTTP to 80, etc.).
Is there anything wrong with the client side ipsec.conf (which I used
with OpenSwan / kernel 2.4) so far?
Does the line interfaces="ipsec0=ra0" make any sense if there is no
ipsec0 interface anymore?
version 2.0

config setup
    interfaces="ipsec0=ra0"
    virtual_private=%v4:192.168.70.0/24

conn %default
    keyingtries=1
    compress=yes
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn mueller-family-wlan
    left=192.168.70.1
    leftsubnet=0.0.0.0/0
    leftcert=mueller-family.dyndns.org.pem
    right=192.168.70.5
    rightcert=asterix.mueller-family.de.pem
    auto=start
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
Any hint would be appreciated :-)
Axel
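A gateway-side ruleset for the 2.6 / no-ipsec0 situation described in the post, added here as an example and not part of the original message or of Openswan. It assumes the WLAN interface ra0 from the ipsec.conf above and a kernel and iptables that provide the xt_policy match ("-m policy"), which lets a rule accept only packets that were decapsulated from an IPsec SA, since there is no ipsec0 device left to filter on.

```shell
#!/bin/sh
# Added example (not the poster's or Openswan's own code). Assumptions: the WLAN
# interface is ra0 (from interfaces="ipsec0=ra0" above) and the kernel/iptables
# provide the xt_policy match ("-m policy", in mainline since 2.6.16).
# Without KLIPS there is no ipsec0 device: decrypted packets are re-injected on
# the same physical interface, so "-i ra0" alone cannot tell cleartext from
# traffic that came out of an IPsec SA. "-m policy --dir in --pol ipsec" can.

WLAN_IF="${WLAN_IF:-ra0}"

# vpn_only_rules prints one iptables command per line, using "$1" as the
# iptables binary (default "iptables"). Review the output first with
#   vpn_only_rules
# and apply it with
#   vpn_only_rules | sh
vpn_only_rules() {
    ipt="${1:-iptables}"
    cat <<EOF
$ipt -N WLAN_IN
$ipt -A INPUT -i $WLAN_IF -j WLAN_IN
$ipt -A FORWARD -i $WLAN_IF -j WLAN_IN
# DHCP has to work before any SA exists
$ipt -A WLAN_IN -p udp --sport 68 --dport 67 -j ACCEPT
# IKE plus the IPsec protocols themselves (ESP = protocol 50, AH = 51)
$ipt -A WLAN_IN -p udp --dport 500 -j ACCEPT
$ipt -A WLAN_IN -p esp -j ACCEPT
$ipt -A WLAN_IN -p ah -j ACCEPT
# Everything else only if it was decapsulated from an IPsec SA on the way in
$ipt -A WLAN_IN -m policy --dir in --pol ipsec -j ACCEPT
# Cleartext DNS, HTTP, ... arriving on the WLAN ends here
$ipt -A WLAN_IN -j DROP
EOF
}
```

The same "-m policy" match is what distinguishes the decrypted copy of a packet from the cleartext one the poster is seeing; a plain port or interface rule cannot.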