LINUX/shorewall firewall to firewall VPN question

Discussion in 'Linux Networking' started by sundog, Mar 14, 2006.

  1. sundog

    sundog Guest

    I have a linux firewall front ending a site which works fine. I am
    using shorewall as the script interface to iptables.

    I would like to place another linux firewall at a remote site so that
    I can build an incryped tunnel between each site. I would like to
    mount windows shared folders over the net securly using DSL. I want
    to do SSL type encrypton between each site.

    I have used SSL to build tunnels but I don't know how to configure
    this type of tunnel with shorewall and iptables.

    Could someone point me to information on how to configure this type of
    connection.
     
    sundog, Mar 14, 2006
    #1
    1. Advertisements

  2. sundog

    Tauno Voipio Guest


    You need a VPN router. I'd use OpenVPN for it.

    There are two options:

    - Data link layer tunneling, forwarding your Ethernet frames
    via the tunnel,

    - Network layer tunneling, forwarding your IP packets via
    the tunnel.

    The network layer tunnel (using the TUN interface) has potentially
    less overhead than the data link layer tunnel (using TAP interface).

    You cannot tunnel with simple firewall scripts, you need
    some tunneling daemon to handle it.
     
    Tauno Voipio, Mar 14, 2006
    #2
    1. Advertisements

  3. sundog

    Dan N Guest

    The shorewall website has some OpenVPN examples.

    Dan
     
    Dan N, Mar 14, 2006
    #3
  4. sundog

    Tauno Voipio Guest

    Yes - for passing the tunnel packets for the VPN,
    but it still needs the daemon to jo the dirty job
    of tunneling and encrypting/decrypting.

    Shorewall is just a front-end to the network filter.
     
    Tauno Voipio, Mar 14, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.