[Openswan Users] Is there a way to insert iptables rules dynamically on ipsec tunnel creation?
Matias Lopez Bergero
mlopezb at udesa.edu.ar
Fri Jun 29 16:46:47 EDT 2007
Hello,
I have been using Freeswan/Openswan for a couple of years.
I have used the gateway to gateway setup, but now I need to set up a
road warrior config for just one user, maybe two.
I have no problem doing that config.
The VPN gateway is also a firewall, so I want to configure the
firewall (iptables) to allow only valid connections through it, in the
FORWARD chain, for which I have set the default policy to DROP.
I have read through the docs and Google, but I found nothing usable. I
found an interesting script called updown_x509, but it seems that I
cannot use that. It was written for old Pluto versions...
Is there actually a way of doing this?
Another thing that I have found is some guys using L2TP. Maybe this is a
workaround for this problem... by filtering some private range?
Also I have read that someone is using the mark module of iptables. I
still have to read this.
Any comments are most welcome,
Thanks.
BR,
Matias.