[Openswan Users] Am I thinking on the right lines here?

Andy Gay andy at andynet.net
Mon Jul 24 15:46:35 CEST 2006

On Mon, 2006-07-24 at 19:05 +0100, John wrote:
> I'm a little confused and hope the you will be able to allay my concerns.
> Workstation ---- SubNet 1 ------ Server =========== DSL router ------ 
> SubNet 2 ----- laptop

What OS's are running on these systems? Which systems are running
Openswan? Which version?
> I have, at last, succeeded in getting a VPN (shown as ===== above) 
> between the two halves of my network. However, when I tried to open an 
> SSH terminal across this link (from laptop to server), I was surprised 
> to have to open the relevant port in the host's firewall.
> Is this normal as I thought that the VPN would tunnel traffic through 
> the firewall?

Certainly not. IPsec doesn't touch your firewall rules. (At least
Openswan doesn't. Cisco have an option on their PIX which will bypass
access lists for IPsec traffic. You can set Linux up to work similarly,
but that won't happen by default).

> Also, should my laptop be able to recognise the server as a DNS server?

Sure. If your routing and firewall rules allow it.

> Many thanks, in advance,
BTW - you'll annoy the Openswan developers if you call their product
OpenS/WAN... :)

> John
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list