[Openswan Users] is there a way to insert iptables rules dynamically on ipsec tunnel creation???

Matias Lopez Bergero mlopezb at udesa.edu.ar
Mon Jul 2 12:12:34 EDT 2007


Thanks a lot!
I switched the _updown script for the _updown_x509 and it adds the 
firewall rules :-)

Now I have a new problem. When I'm using the x509 connections, the "old" 
net-to-net connections using shared RSA have stopped working.
Looks like there is a conflict using both types of connection. Any ideas 
on how to fix that??

Thanks again.


Utkarsh Shah wrote:
> Hi,
> You can run commands whenever a connection goes up or down by 
> specifying them in the _updown script, which is usually located at /usr/lib/ipsec,
> and specify the same updown script in your config if it's not the default.
> Regards,
> Utkarsh Shah
Matias Lopez Bergero wrote:
> Hello,
> I've been using Freeswan/Openswan for a couple of years.
> I have used the gateway to gateway setup, but now, I need to setup a
> road warrior config for just one user, maybe two.
> I have no problem doing that config.
> The vpn gateway is also a firewall, so I want to configure the
> firewall (iptables) to allow only valid connections through it, on the
> FORWARD chain, whose default policy I have set to DROP.
> I have read through the docs and Google, but I found nothing usable. I
> found an interesting script called updown_x509, but it seems that I
> cannot use that. It was written for old Pluto versions...
> Is there actually a way of doing this???
> Another thing that I have found is some guys using L2TP. Maybe this is a
> workaround for this problem... by filtering some private range???
> Also I have read that someone is using the mark module of iptables. I
> still have to read this.
> Any comments are most welcome,
> Thanks.
> BR,
> Matias.
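The approach Utkarsh describes above (a custom updown hook that adds firewall rules when a tunnel comes up and removes them when it goes down) looks like this in practice. The script below is an added example, not Openswan's own _updown or _updown_x509. It relies on the environment variables Pluto really passes to the updown script (PLUTO_VERB, PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT); the IPTABLES and DRY_RUN variables, the subnet values in the comments and the install path in the usage note are this example's own assumptions.

```sh
#!/bin/sh
# Example updown hook for Openswan (added here; not Openswan's own _updown).
# Pluto runs the script named by leftupdown= for every connection event and
# passes the event in the environment:
#   PLUTO_VERB        up-client, down-client, up-host, down-host, route-*, ...
#   PLUTO_MY_CLIENT   local subnet  (e.g. 10.0.0.0/24, a constructed value)
#   PLUTO_PEER_CLIENT remote subnet (e.g. 192.168.1.0/24, a constructed value)
# IPTABLES and DRY_RUN are this example's own knobs, not Openswan variables.

IPTABLES="${IPTABLES:-iptables}"

# Map the Pluto verb to an iptables action: insert on up, delete on down.
# Returns non-zero for verbs this hook does not act on (route/unroute/prepare,
# and the host-to-host verbs, which do not involve the FORWARD chain).
action_for_verb() {
    case "$1" in
        up-client)   echo "-I" ;;
        down-client) echo "-D" ;;
        *)           return 1 ;;
    esac
}

# Print the two FORWARD rules for a subnet-to-subnet tunnel, one per line.
# "-m policy --pol ipsec" matches only packets that were (or will be) protected
# by IPsec, so a clear-text packet carrying a spoofed tunnel source address is
# still dropped by the chain's DROP policy.
forward_rules() {
    act="$1"; my="$2"; peer="$3"
    echo "$IPTABLES $act FORWARD -s $peer -d $my -m policy --dir in --pol ipsec -j ACCEPT"
    echo "$IPTABLES $act FORWARD -s $my -d $peer -m policy --dir out --pol ipsec -j ACCEPT"
}

# Entry point used by Pluto: apply (or just print, when DRY_RUN is set) the
# rules for the current event. Verbs we do not handle are a no-op.
main() {
    act=$(action_for_verb "${PLUTO_VERB:-}") || return 0
    forward_rules "$act" "$PLUTO_MY_CLIENT" "$PLUTO_PEER_CLIENT" | while read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$cmd"
        else
            $cmd   # word-split on purpose: each line is a ready-made command
        fi
    done
}

# Only act when invoked by Pluto (PLUTO_VERB set); sourcing the file for a
# dry run leaves the functions defined and does nothing else.
if [ -n "${PLUTO_VERB:-}" ]; then
    main
fi
```

To try it without touching the firewall, set DRY_RUN=1 together with the PLUTO_* variables and call it; it prints the two iptables commands it would run. To use it, point the conn at it with leftupdown= (for instance /usr/lib/ipsec/_updown_fw, an assumed path). Two caveats: the stock _updown also installs routes for the tunnel, so a real deployment grafts this firewall section into a copy of _updown rather than replacing it (which is what _updown_x509 does); and `-m policy` only sees IPsec state with the NETKEY stack, so under KLIPS the equivalent is matching on the ipsec0 interface with `-i ipsec0` / `-o ipsec0`.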
