Ted At 02:23 09.07.2004 -0500, Theodore M. Wynnychenko wrote: >Hello. >I am currently running Bering (not uClibc) LEAF as a firewall (kernel >2.4.26). Everything works fine. >I was now thinking of adding ipsec. However (and I think this is the more >"problematic" way of going, but it would be "easier" for me with my current >hardware issues), I wanted to add a ipsec gateway using either strongswan or >openswan on a linux box BEHIND the firewall. The firewall is doing both (?) >NAT and PAT (port address translocation). >Now, I have searched for some time, and I can't seem to find a clear answer >to my question, so I thaught I would ask. >Is this possible? If it is, what do I need to change on the firewall to >accomplish this? (I think it is possible, and all I need to do is port >forward the appropriate ports from Bering to the ipsec gateway, and make >sure I have nat-traversal patch installed with the swan distro, but i just >am not sure.)
I did a port of openswan 1.03 to a 2.4.24 kernel a while ago. It was more of a test for the porting environment than anything else, but proved the concept. I guess, the latest OpenSwan should be quite easy too. For StrongSwan I don't know yet, is in the pipeline. It might be a problem with our outdated glibc. So, yes I believe it is feasible. You can have a look at my kernel development environment at http://luna.think.ch/leaf/styx/2.4.24/ The Makefile is quite self explanatory. cheers Erich THINK P�ntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
