[Openswan Users] Interfaces for point-to-point

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Jun 11 10:35:34 EDT 2012


Something like
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
or
-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT

On 06/11/2012 08:11 AM, Macks, Aaron wrote:
> Thanks, that seems to be working.  For a VPN like this, how do I specify rules in iptables to only apply to tunnel traffic?  I don't see an obvious 'tun0' or the like from ifconfig
>
> A
> --
> Aaron Macks
>
>
> On Jun 11, 2012, at 6:15 AM, Willie Gillespie wrote:
>
>> Just leave leftsubnet and rightsubnet blank for a host-to-host connection.
>>
>> On 6/10/2012 9:35 PM, Macks, Aaron wrote:
>>> I'm trying to set up a machine-to-machine VPN, but am not sure what to use for the left|right subnet.  On a network-to-network setup that would clearly be the "inside" interface, already configured.  On this setup, though, there's no 'inside' network, just the routable eth0 on each system.  Do I make a special virtual interface on loopback with a non-routed IP or something?
>>>
>>> If someone could point me to a howto for this sort of ipsec tunnel, that would be fantastic; I've not been able to find one.
>
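The rules in Willie's reply hinge on the iptables policy match (-m policy --pol ipsec) rather than on a tunnel interface, because a host-to-host IPsec connection has no tun0 to filter on. A practical consequence is that a plain ACCEPT for the tunnelled service (UDP 1701 in the reply) exposes that service outside the tunnel as well. The following is an added example, not code from the thread or from Openswan: it reads an iptables-save style dump and flags ACCEPT rules for tunnel-only traffic that lack the policy match. The sample dump is constructed for the demonstration, and the list of tunnel-only ports is an assumption you would adjust to your setup.

```python
"""Audit an iptables-save dump for ACCEPT rules that should be limited to
IPsec-protected traffic but carry no '-m policy --pol ipsec' match.

Added example for the thread above; the rule dump below is constructed
and does not come from the mailing list or from Openswan."""
import shlex

# Constructed sample in iptables-save format. IKE (UDP 500/4500) and ESP
# must be accepted in the clear, since they are what builds the tunnel.
# The two rules without '--pol ipsec' for 1701 and for forwarding are
# the mistakes the audit should catch.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
-A INPUT -p udp --dport 1701 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

# Two-argument options we care about, mapped to the field they fill.
_OPTS = {
    "-A": "chain", "-p": "proto", "--dport": "dport",
    "--destination-port": "dport", "-j": "target", "--pol": "policy",
    "--dir": "dir", "-i": "in_if", "-o": "out_if",
}


def parse_rule(line):
    """Tokenise one '-A CHAIN ...' line into a dict of the options we need.
    Unknown options are skipped; '-m <module>' is consumed as a pair."""
    tokens = shlex.split(line)
    rule = {field: None for field in _OPTS.values()}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in _OPTS and i + 1 < len(tokens):
            rule[_OPTS[tok]] = tokens[i + 1]
            i += 2
        elif tok == "-m":
            i += 2  # match module name; its own options follow and are parsed above
        else:
            i += 1
    return rule


def find_unprotected_accepts(dump, tunnel_ports=("1701",), require_ipsec_forward=True):
    """Return the rule lines that ACCEPT tunnel-only traffic without the
    IPsec policy match: INPUT rules for a tunnel-only dport, and (optionally)
    any FORWARD ACCEPT, since on a host like this forwarded traffic should
    only ever arrive through the tunnel."""
    findings = []
    for line in dump.splitlines():
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        rule = parse_rule(line)
        if rule["target"] != "ACCEPT" or rule["policy"] == "ipsec":
            continue  # not an accept, or already restricted to IPsec traffic
        if rule["chain"] == "INPUT" and rule["dport"] in tunnel_ports:
            findings.append(line)
        elif rule["chain"] == "FORWARD" and require_ipsec_forward:
            findings.append(line)
    return findings


if __name__ == "__main__":
    for bad in find_unprotected_accepts(SAMPLE_RULES):
        print("accepts outside the tunnel:", bad)
```

Run it against `iptables-save` output instead of the constructed sample to check a live host; a clean result means every ACCEPT for the tunnelled service and for forwarding is gated on the policy match, which is the condition the reply's rules are meant to establish.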
