FreeS/WAN network-to-network VPN

10-31-2003, 06:07 AM

If I set up a Freeswan ipsec connection on between two servers, do the two
servers get virtual IPs so that connections on to/from those IPs are secured
but their public IPs aren't? Or will any connection going from one server's
public IP to the other server's public IP automatically go via IPsec?

Thanks!

10-31-2003, 06:40 AM

/dev/null wrote:
> If I set up a Freeswan ipsec connection on between two servers, do
> the two servers get virtual IPs so that connections on to/from those
> IPs are secured but their public IPs aren't? Or will any connection
> going from one server's public IP to the other server's public IP
> automatically go via IPsec?
>
> Thanks!

Connections to the public IP will not be secured. Connections to the
existing private IP range will be routed via the tunnel (via the new
interface - ipsec0). I'm not sure how much you could change this by
tweaking.

Cheers
Tim

11-01-2003, 01:01 AM

On Fri, 31 Oct 2003 07:07:16 GMT, /dev/null <(E-Mail Removed)> wrote:
> If I set up a Freeswan ipsec connection on between two servers, do the two
> servers get virtual IPs so that connections on to/from those IPs are secured
> but their public IPs aren't? Or will any connection going from one server's
> public IP to the other server's public IP automatically go via IPsec?

If you tunnel, typically only the tunnelled IPs are routed through ipsec0,
and depending upon how your script modifies iptables during the
connection, you might only be able to access LAN IPs other than the
firewall doing the tunnel (since it may consider a public or other non-LAN
IP entering its private interface as spoofing). Although, it is possible
to work around that with additional rules to allow traffic to/from
that remote IP on any interface.

Or to access the firewall itself you could run a separate ipsec connection
to the firewall public IP without any tunnel. But usually it is easier to
simply ssh to it.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

11-01-2003, 12:51 PM

In article <(E-Mail Removed)>,
(E-Mail Removed) (David Efflandt) wrote:

> Or to access the firewall itself you could run a separate ipsec connection
> to the firewall public IP without any tunnel. But usually it is easier to
> simply ssh to it.

The remote firewall itself can be accessed through the VPN from your LAN if
you use the private LAN IP of the remote firewall. I use SnapGears
(www.snapgear.com) which run embedded Linux, iptables and Free S/WAN. I have
IPsec tunnels from my SG to my clients' SGs and I can manage their SG by
using their private LAN IPs.

--

Sak Wathanasin
Network Analysis Limited
http://www.network-analysis.ltd.uk

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Can not start conn with FreeS/WAN U2.04/K2.2.0 (kernel 2.4.26) afterUpdate from 1.96	Natanael Mignon	Linux Networking	2	07-12-2005 12:29 PM
FreeS/WAN <-> RHEL 3's KAME HOWTO?	Dan Stromberg	Linux Networking	0	11-05-2004 12:35 AM
FreeS/WAN setup problems	Sebastian Haas	Linux Networking	0	06-29-2004 05:50 AM
FreeS/WAN VPN over WLAN	jason	Linux Networking	0	01-22-2004 12:20 AM
Suse 8.2 and Frees/Wan	Marco Casole	Linux Networking	0	11-06-2003 08:55 AM