[Openswan Users] Am I thinking on the right lines here?
Andy Gay
andy at andynet.net
Mon Jul 24 15:46:35 CEST 2006
On Mon, 2006-07-24 at 19:05 +0100, John wrote:
> I'm a little confused and hope that you will be able to allay my concerns.
>
> Workstation ---- SubNet 1 ------ Server =========== DSL router ------ SubNet 2 ----- laptop
What OSes are running on these systems? Which systems are running
Openswan? Which version?
>
> I have, at last, succeeded in getting a VPN (shown as ===== above)
> between the two halves of my network. However, when I tried to open an
> SSH terminal across this link (from laptop to server), I was surprised
> to have to open the relevant port in the host's firewall.
>
> Is this normal as I thought that the VPN would tunnel traffic through
> the firewall?
Certainly not. IPsec doesn't touch your firewall rules. (At least
Openswan doesn't. Cisco have an option on their PIX which will bypass
access lists for IPsec traffic. You can set Linux up to work similarly,
but that won't happen by default.)
>
> Also, should my laptop be able to recognise the server as a DNS server?
Sure. If your routing and firewall rules allow it.
>
> Many thanks, in advance,
>
BTW - you'll annoy the Openswan developers if you call their product
OpenS/WAN... :)
> John
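Added example, not part of the original post: one way to admit SSH only when it arrived through the tunnel, instead of opening port 22 generally. It assumes the kernel's native IPsec stack (NETKEY) and an iptables build with the `policy` match; the subnet 192.0.2.0/24 is a constructed placeholder for the laptop's side.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumptions: NETKEY IPsec stack, iptables with the "policy" match,
# and REMOTE_NET standing in for the remote (laptop) subnet.

REMOTE_NET="${REMOTE_NET:-192.0.2.0/24}"   # constructed placeholder subnet
IPT="${IPT:-echo iptables}"                # dry run by default; IPT=iptables applies

ipsec_ssh_rules() {
    # The tunnel itself still has to get through the host firewall:
    # IKE negotiation on UDP/500 and the ESP-encapsulated packets.
    $IPT -A INPUT -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -p esp -j ACCEPT

    # After decapsulation the inner packet traverses INPUT again.
    # Accept SSH from the remote subnet only if an IPsec policy
    # was applied to it on the way in.
    $IPT -A INPUT -s "$REMOTE_NET" -p tcp --dport 22 \
        -m policy --dir in --pol ipsec -j ACCEPT

    # The same source address arriving in the clear is dropped, so a
    # spoofed or misrouted packet cannot reach sshd outside the tunnel.
    $IPT -A INPUT -s "$REMOTE_NET" -p tcp --dport 22 \
        -m policy --dir in --pol none -j DROP
}

ipsec_ssh_rules
```

With the KLIPS stack, decrypted traffic appears on an `ipsecN` interface instead, so matching on `-i ipsec0` serves the same purpose.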