[Openswan Users] Restricting access only to one server

Paul Wouters paul at xelerance.com
Sat Dec 4 18:17:03 EST 2010


On Sat, 4 Dec 2010, Carlos Espinosa wrote:

> I have configured IPsec+L2TP using Openswan; now I want to restrict access to "external-hosts" only to one server in my LAN (192.168.0.3).
> Where does this configuration take place?
> I know that this could be done using iptables. But from what I read about the IPsec protocol, there's a SPdb where this type of rule could be set... or am I
> wrong?

You are wrong. There is a "firewall-like" option in the RFC, but hardly any stacks support it,
and instead leave it to the OS to filter separately. Openswan and Linux do not use this. Use
iptables.

Paul
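
The iptables approach recommended above, as an added example that is not part of the original thread and is not Openswan project code. It assumes the L2TP clients appear on `pppN` interfaces on the gateway; the chain name `VPN-RESTRICT` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables rules that let VPN clients reach one LAN host.
# Assumed (not in the thread): clients appear on pppN interfaces created by
# the L2TP daemon; VPN-RESTRICT is a hypothetical chain name.
CHAIN="VPN-RESTRICT"

# Accept only a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the rule set for <server> <vpn-interface>; nothing is applied here.
# Review the output, then as root: vpn_restrict_rules 192.168.0.3 ppp+ | sh
vpn_restrict_rules() {
    server="$1"; vpn_if="$2"
    # Refuse anything that could smuggle extra options into the rules.
    is_ipv4 "$server" || { echo "bad server address" >&2; return 1; }
    case "$vpn_if" in
        ''|*[!A-Za-z0-9+_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Replies flow back via ESTABLISHED; only clients may open connections,
    # and only to $server. Everything else to or from the VPN is dropped.
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $CHAIN -i $vpn_if -d $server -m conntrack --ctstate NEW -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I FORWARD 1 -i $vpn_if -j $CHAIN
iptables -I FORWARD 2 -o $vpn_if -j $CHAIN
EOF
}
```

The FORWARD chain only sees traffic routed through the gateway; services listening on the gateway itself are reached through INPUT and need their own rules for the VPN interfaces.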

