Shorewall 1.1 IPSec Tunneling
IPSec Gateway on the Firewall System

Suppose that we have the following situation: we want systems in the 192.168.1.0/24 sub-network to be able to communicate with systems in the 10.0.0.0/8 network. In /etc/shorewall/tunnels on system A, we need the following:
In /etc/shorewall/tunnels on system B, we would have:
At both systems, ipsec0 would be included in /etc/shorewall/internet as a "gw" interface:
Once you have these entries in place, restart Shorewall (type shorewall restart); you are now ready to configure the tunnel in FreeS/WAN.

Mobile System (Road Warrior)

Suppose that you have a laptop system (B) that you take with you when you travel and you want to be able to establish a secure connection back to your local network. In this instance, the mobile system (B) has IP address 134.28.54.2, but that cannot be determined in advance. In the /etc/shorewall/tunnels file on system A, the following entry should be made:
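The two tunnels entries above (a fixed remote gateway and a road warrior whose address is unknown in advance) each cause the firewall to accept the IKE, ESP and AH traffic needed to bring the tunnel up. The following script is an added example, not Shorewall's own code: it reads a file in the column layout the page refers to (TYPE, ZONE, GATEWAY, GATEWAY ZONE) and prints what each ipsec entry opens on the firewall, so an administrator can check the result against what is intended. The sample file, the gateway address 203.0.113.10 and the use of 0.0.0.0/0 to stand for an unknown road-warrior address are constructed assumptions, as is the exact rule set derived for an ipsec entry.

```shell
#!/bin/sh
# Added example (not Shorewall's own code). Expands ipsec entries of a
# /etc/shorewall/tunnels-style file into the traffic the firewall accepts
# between itself and each gateway, and flags entries open to any address.

# Constructed sample standing in for /etc/shorewall/tunnels.
# Columns: TYPE ZONE GATEWAY [GATEWAY ZONE]  (assumed layout)
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
# TYPE   ZONE   GATEWAY        GATEWAY ZONE
ipsec    net    203.0.113.10   gw
ipsec    net    0.0.0.0/0      gw
EOF

# tunnel_rules FILE
# For every ipsec entry print the protocol/port pairs the firewall must
# accept to and from the gateway (assumed: IKE on UDP 500, ESP = 50, AH = 51),
# the zone that ipsec0 traffic from that gateway is placed in, and a warning
# when the gateway column admits any address (a road-warrior entry).
tunnel_rules() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 != "ipsec" {                           # only ipsec entries are handled here
            printf "%s: tunnel type not handled by this example\n", $1; next
        }
        {
            zone = $2; gw = $3; gwzone = (NF >= 4) ? $4 : "-"
            # IKE negotiation in both directions between firewall and gateway
            printf "ACCEPT %s:%s fw udp 500\n", zone, gw
            printf "ACCEPT fw %s:%s udp 500\n", zone, gw
            # ESP (protocol 50) carries the encrypted tunnel traffic
            printf "ACCEPT %s:%s fw 50\n", zone, gw
            printf "ACCEPT fw %s:%s 50\n", zone, gw
            # AH (protocol 51) for authentication-only traffic
            printf "ACCEPT %s:%s fw 51\n", zone, gw
            printf "ACCEPT fw %s:%s 51\n", zone, gw
            if (gwzone != "-")
                printf "ipsec0 traffic from %s is treated as zone %s\n", gw, gwzone
            if (gw == "0.0.0.0/0")
                printf "WARNING: IKE/ESP/AH accepted from any address (road warrior entry)\n"
        }' "$1"
}

# Stand-alone run: show what the constructed sample opens.
tunnel_rules "$SAMPLE"
```

Run it against a real tunnels file by passing its path to tunnel_rules instead of the constructed sample; the WARNING line is the one worth reviewing, since a road-warrior entry necessarily accepts IKE from the whole zone rather than from one known peer.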
Note that the GATEWAY ZONE column contains the name of the zone corresponding to peer subnetworks (gw in the default /etc/shorewall/zones). This indicates that the gateway system itself comprises the peer subnetwork; in other words, the remote gateway is a standalone system.

Last updated 5/23/2001 - Tom Eastep