[Openswan Users] there is a way to insert iptables rules, dynamically on ipsec tunnel creation???
utkarsh at elitecore.com
Tue Jul 3 01:36:41 EDT 2007
Can you provide configuration (e.g. ipsec.conf and ipsec.secrets) with
dummy values??
From the description you have specified, I think you have a configuration
for the same peers with different authentication mechanisms. Is it so??
Then you might need to specify the IP address pair in ipsec.secrets.
Matias Lopez Bergero wrote:
> Thanks a lot!
> I switched the _updown script for the _updown_x509 and it adds the
> firewall rules :-)
> Now I have a new problem. When I'm using the x509 connections, the
> "old" net to net connections using shared RSA have
> stopped working.
> Looks like there is a conflict using both types of connection. Any
> ideas on how to fix that??
> Thanks again.
> Utkarsh Shah wrote:
>> You can run commands whenever a connection goes up and down by
>> specifying it in the _updown script which is usually located at
>> and specify the same updown script in your config if it's not the default.
>> Utkarsh Shah
> Matias Lopez Bergero wrote:
>> I've been using Freeswan/Openswan for a couple of years.
>> I have used the gateway to gateway setup, but now, I need to setup a
>> road warrior config for just one user, maybe two.
>> I have no problem doing that config.
>> The vpn gateway is also a firewall, so I want to configure the
>> firewall (iptables) to allow only valid connections through it, at the
>> FORWARD chain, where I have set the default policy to DROP.
>> I have read through the docs and Google, but I found nothing usable. I
>> found an interesting script called updown_x509, but it seems that I
>> cannot use that. It was written for old Pluto versions...
>> Is there actually a way of doing this???
>> Other thing that I have found is some guys using L2TP. Maybe this is a
>> workaround for this problem... by filtering some private range???
>> Also I have read that someone is using the mark module of iptables. I
>> still have to read this.
>> Any comments are most welcome,
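The shape of an updown hook as Utkarsh describes it, added here as an illustration (this is not Openswan's shipped _updown or _updown_x509 script): Pluto runs the hook with PLUTO_VERB, PLUTO_INTERFACE, PLUTO_MY_CLIENT and PLUTO_PEER_CLIENT exported, and the hook inserts or deletes FORWARD rules for the negotiated subnet pair. The function only prints the iptables commands so it can be exercised without root, and it assumes the `-m policy` match is available (NETKEY/xfrm stack); under KLIPS the interface would be the ipsecN device instead.

```shell
#!/bin/sh
# Added example of an Openswan updown hook fragment (hypothetical, not the project's script).
# Pluto exports PLUTO_* variables before calling the script; the four used here
# exist in Openswan's _updown. The function prints the commands rather than running
# them so the logic can be checked without root.

# fw_rule <verb> <interface> <my_client> <peer_client>
# Prints iptables FORWARD commands for an up/down verb; prints nothing for other verbs.
fw_rule() {
  verb=$1; iface=$2; my_client=$3; peer_client=$4
  case "$verb" in
    up-client|up-host)     action=-I ;;
    down-client|down-host) action=-D ;;
    *) return 0 ;;   # prepare-*, route-*, unroute-* need no firewall change
  esac
  # Match only packets that were actually protected by an IPsec SA (-m policy),
  # so a cleartext packet spoofing the peer subnet does not pass the FORWARD chain.
  printf 'iptables %s FORWARD -i %s -s %s -d %s -m policy --dir in --pol ipsec -j ACCEPT\n' \
    "$action" "$iface" "$peer_client" "$my_client"
  printf 'iptables %s FORWARD -o %s -s %s -d %s -m policy --dir out --pol ipsec -j ACCEPT\n' \
    "$action" "$iface" "$my_client" "$peer_client"
}

# Hook entry point: when Pluto invokes the script, apply the generated commands.
# (PLUTO_VERB is unset when the file is sourced for testing, so nothing runs.)
if [ -n "${PLUTO_VERB:-}" ]; then
  fw_rule "$PLUTO_VERB" "$PLUTO_INTERFACE" "$PLUTO_MY_CLIENT" "$PLUTO_PEER_CLIENT" | sh -e
fi
```

For a road warrior the peer client is the single /32 Pluto assigns, so the same function yields per-user rules that disappear with the tunnel.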