[Openswan Users] Transport mode on a home LAN

Jack Byer ftn768 at gmail.com
Sat Nov 27 18:32:42 EST 2010


> This should work, and is currently your best solution.
>
>> Should I use certificates instead
>
> Start with PSK, you can always migrate to certs later if you feel that's
> better.

Thanks to the help of some people on IRC I did manage to get all three
of my machines communicating over IPsec for both IPv4 and IPv6
connections. I had some problems at first with not being able to
access some websites and the problem turned out to be related to MTU.
Tinkering with my Shorewall configuration on the gateway machine fixed
that.

The next step I'd like to do is to set up some iptables rules that
will DROP all non-encrypted packets both incoming and outgoing but I'm
not sure how IPsec and iptables interact. If I set the default policy
on all three chains in the filter table to DROP and then just accept
AH and ESP packets will this do the right thing, or do I need to add
the rules somewhere else?

