[Openswan Users] Am I thinking on the right lines here?

John John at DMJ-Consultancy.co.uk
Tue Jul 25 17:29:58 CEST 2006


Thanks, (Actually, I received it 3 times but, hey!)

Not really, I'm still puzzled that I had to open the SSH port in the 
firewall (Server on the VPN (external) interface) to get the laptop to 
access it and I had to use its IP address since DNS resolution did not work.

Cheers

J

Andy Gay wrote:
> You OK with this now? Do you still have questions?
>
> -Andy
>
> (John - sorry if you get this twice - I posted earlier from the wrong
> email account...)
>
> On Tue, 2006-07-25 at 10:58 +0100, John wrote:
>> Andy Gay wrote:
>>> On Mon, 2006-07-24 at 19:05 +0100, John wrote:
>>>> I'm a little confused and hope that you will be able to allay my concerns.
>>>>
>>>> Workstation ---- SubNet 1 ------ Server =========== DSL router ------ SubNet 2 ----- laptop
>>> What OS's are running on these systems? Which systems are running
>>> Openswan? Which version?
>> (Workstation is on windoze XP)
>> Server is running Openswan 2.4.4 on SuSE Linux 10.0 (Openswan installed 
>> from the SuSE DVD)
>> DSL Router is Netgear FVS318
>> Laptop is on SuSE 10.1
>>>> I have, at last, succeeded in getting a VPN (shown as ===== above) 
>>>> between the two halves of my network. However, when I tried to open an 
>>>> SSH terminal across this link (from laptop to server), I was surprised 
>>>> to have to open the relevant port in the host's firewall.
>>>>
>>>> Is this normal as I thought that the VPN would tunnel traffic through 
>>>> the firewall?
>>> Certainly not. IPsec doesn't touch your firewall rules. (At least
>>> Openswan doesn't. Cisco have an option on their PIX which will bypass
>>> access lists for IPsec traffic. You can set Linux up to work similarly,
>>> but that won't happen by default).
>>>
>>>> Also, should my laptop be able to recognise the server as a DNS server?
>>> Sure. If your routing and firewall rules allow it.
>>>
>>>> Many thanks, in advance,
>>>>
>>> BTW - you'll annoy the Openswan developers if you call their product
>>> OpenS/WAN... :)
>>>
>>>> John
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users at openswan.org
>>>> http://lists.openswan.org/mailman/listinfo/users
>>>> Building and Integrating Virtual Private Networks with Openswan: 
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>   
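Andy's point that Openswan leaves the firewall rules alone, shown as an added example (not part of the original thread and not Openswan's own code): a rule set that accepts SSH and DNS on the server only for packets that arrived through an IPsec SA. It assumes the NETKEY stack and an iptables/kernel build with the `policy` match; `192.0.2.0/24` is a constructed placeholder for SubNet 2, and `run` and `allow_over_ipsec` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: open SSH/DNS on the server only to traffic that was
# protected by IPsec. Assumes NETKEY and the netfilter "policy" match.
# Commands are printed by default; set APPLY=1 (as root) to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

allow_over_ipsec() {
    remote_net=$1   # subnet behind the remote gateway (SubNet 2 in the thread)

    # Refuse anything that is not a dotted-quad CIDR, so a typo or stray
    # shell metacharacter cannot turn into an unintended rule.
    printf '%s\n' "$remote_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "invalid subnet: $remote_net" >&2
        return 1
    }

    # The tunnel itself: IKE and ESP must reach the server unencrypted.
    run iptables -A INPUT -p udp --dport 500 -j ACCEPT
    run iptables -A INPUT -p esp -j ACCEPT

    # After decryption the inner packet passes through INPUT as well.
    # "--pol ipsec" matches only packets that came in via an IPsec policy,
    # so the same ports stay closed to cleartext traffic from outside.
    for rule in "tcp 22" "udp 53" "tcp 53"; do
        set -- $rule   # split into protocol ($1) and port ($2)
        run iptables -A INPUT -s "$remote_net" -p "$1" --dport "$2" \
            -m policy --dir in --pol ipsec -j ACCEPT
    done
}

# Dry run with the constructed placeholder subnet.
allow_over_ipsec 192.0.2.0/24
```

With these rules in place the SSH port does not have to be opened to the whole external interface, which is what the thread describes doing.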


