[Openswan Users] Restricting acces only to one server

Paul Wouters paul at xelerance.com
Sat Dec 4 18:17:03 EST 2010

On Sat, 4 Dec 2010, Carlos Espinosa wrote:

>  I have configured IPsec+l2tp using Openswan, now I want to restrict access to "external-hosts" only to one server in my LAN (
> where this configurations take place?
> I know that using iptables this coud be done.But for what I read about IPsec protocol, there's a SPdb where this type of rules could be set.. or I'm
> wrong?

You are wrong. There is a "firewall likey" option in the RFC, but hardly any stacks support it,
and instead leave it to the OS to filger seperately. Openswan and Linux do not use this. Use


More information about the Users mailing list