[Openswan Users] openswan and firewall problems

Massimo Mazzoldi mmazzoldi at direte.it
Thu May 26 11:50:18 CEST 2005


Hi, all...
I've been working for a long time with freeswan ...
to handle security for bridge wireless connections.

Having two security gateways on both sides of the bridge was the best solution
to decide which connections to accept or to drop.

That is if traffic from the tunnel is forwarded ... otherwise blocked. ;-)

On kernel 2.4 and klips... this was easy because I had ethX and ipsecX interfaces.

On 2.6?

I tried to use openswan 2.3.0...with klips... but I'm having a little stability
problem...

According to users, it seems that the tunnel goes down once every two weeks...

What solution can you suggest?

Will upgrading to 2.3.1 solve my problem... 
or is it better to switch to netkey ipsec?

If I switch I need to change firewall rules ... no longer having any ipsec
interface...

I read about using MARK on iptables to divide encrypted allowed from not
allowed traffic in FORWARD rules...
...any example on how to do this?

...even a link to some documentation is welcome!!! :-)

Thanks a lot to everybody
Massimo
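
An added example, not part of the original post: one way to write the MARK-based rules asked about above for NETKEY, as a shell function that prints an `iptables-restore` ruleset. It relies on the firewall mark set on an ESP packet in mangle PREROUTING staying on the packet after the kernel decapsulates it; the interface names, subnets and mark value are assumptions, and NAT-T (ESP in UDP) is not covered.

```shell
#!/bin/sh
# Added example. NETKEY has no ipsecX interface, so decrypted traffic is
# recognised by a mark placed on the ESP packet before decryption.
# All values below are assumptions, not taken from the post.
WAN_IF=eth0                  # side facing the wireless bridge
LAN_IF=eth1                  # protected side
LAN_NET=192.168.1.0/24       # local protected subnet
REMOTE_NET=192.168.2.0/24    # subnet behind the peer gateway
IPSEC_MARK=0x1

# Print an iptables-restore ruleset on stdout.
gen_rules() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Mark inbound ESP; the mark is still set once the packet is decrypted.
-A PREROUTING -i $WAN_IF -p esp -j MARK --set-mark $IPSEC_MARK
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# IKE and ESP addressed to this gateway must be accepted.
-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -p esp -j ACCEPT
# ESP that is still ESP in FORWARD was not decrypted here; it carries the
# mark too, so drop it before the mark-based accept.
-A FORWARD -p esp -j DROP
# Inbound: only traffic that arrived inside the tunnel reaches the LAN.
-A FORWARD -i $WAN_IF -o $LAN_IF -s $REMOTE_NET -d $LAN_NET -m mark --mark $IPSEC_MARK -j ACCEPT
# Outbound: LAN traffic for the remote subnet, encrypted by the IPsec policy.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $REMOTE_NET -j ACCEPT
COMMIT
EOF
}

# Review the output, then apply as root with: gen_rules | iptables-restore
gen_rules
```

Everything arriving on the bridge side without the mark falls through to the FORWARD policy of DROP, which replaces the old "came in on ipsecX" test.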



