[Openswan Users] Am I thinking on the right lines here?

John John at DMJ-Consultancy.co.uk
Tue Jul 25 11:58:21 CEST 2006


Andy Gay wrote:
> On Mon, 2006-07-24 at 19:05 +0100, John wrote:
>   
>> I'm a little confused and hope that you will be able to allay my concerns.
>>
>> Workstation ---- SubNet 1 ------ Server =========== DSL router ------ SubNet 2 ----- laptop
>>     
>
> What OS's are running on these systems? Which systems are running
> Openswan? Which version?
>   
(Workstation is on windoze XP)
Server is running Openswan 2.4.4 on SuSE Linux 10.0 (Openswan installed 
from the SuSE DVD)
DSL Router is Netgear FVS318
Laptop is on SuSE 10.1
>> I have, at last, succeeded in getting a VPN (shown as ===== above) 
>> between the two halves of my network. However, when I tried to open an 
>> SSH terminal across this link (from laptop to server), I was surprised 
>> to have to open the relevant port in the host's firewall.
>>
>> Is this normal as I thought that the VPN would tunnel traffic through 
>> the firewall?
>>     
>
> Certainly not. IPsec doesn't touch your firewall rules. (At least
> Openswan doesn't. Cisco have an option on their PIX which will bypass
> access lists for IPsec traffic. You can set Linux up to work similarly,
> but that won't happen by default).
>
>   
>> Also, should my laptop be able to recognise the server as a DNS server?
>>     
>
> Sure. If your routing and firewall rules allow it.
>
>   
>> Many thanks, in advance,
>>
>>     
> BTW - you'll annoy the Openswan developers if you call their product
> OpenS/WAN... :)
>
>   
>> John
>>
>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan: 
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>     