Theodore M. Wynnychenko wrote:
Hello.
I am currently running Bering (not uClibc) LEAF as a firewall (kernel
2.4.26). Everything works fine.
I was now thinking of adding ipsec. However (and I think this is the more
"problematic" way of going, but it would be "easier" for me with my current
hardware issues), I wanted to add a ipsec gateway using either strongswan or
openswan on a linux box BEHIND the firewall. The firewall is doing both (?)
NAT and PAT (port address translocation).
Now, I have searched for some time, and I can't seem to find a clear answer
to my question, so I thought I would ask.
Is this possible?

Yes. I haven't personally set this up, but several folks have used Dachstein to do this (typically with an IPSec client on a 'doze box behind the firewall, but it's the same problem).


If it is, what do I need to change on the firewall to
accomplish this? (I think it is possible, and all I need to do is port
forward the appropriate ports from Bering to the ipsec gateway, and make
sure I have nat-traversal patch installed with the swan distro, but I just
am not sure.)
If it's not possible, I was hoping to find out before wasting my time.
Thanks for any help.

Just open the firewall to the appropriate traffic and forward it to the internal system running (open|strong)swan. You'll need to open UDP port 500 (IKE) and protocol 50 (ESP), port-forward the UDP traffic, and run an IPSec 'helper' module (with 2.2 kernels...I'm not sure if the 2.4 kernels work the same way) or use nat-traversal (which 'tunnels' the protocol 50 traffic across UDP).


--
Charles Steinkuehler
[EMAIL PROTECTED]

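The forwarding Charles describes, written out as iptables rules for a 2.4-kernel box. This is an added example, not from the thread or from Bering (which normally drives iptables through Shorewall, so on a real Bering box the same rules belong in Shorewall's rules file); the external interface eth0 and the internal gateway address 192.168.1.10 are constructed assumptions, and the NAT-T port (UDP 4500) is the standard one, not something the thread states.

```shell
#!/bin/sh
# Constructed assumptions: eth0 is the public interface, 192.168.1.10 is the
# inside (open|strong)swan gateway. DRY_RUN=1 (the default) prints the rules
# instead of applying them, so the script can be reviewed before use.
EXT_IF="${EXT_IF:-eth0}"
IPSEC_GW="${IPSEC_GW:-192.168.1.10}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

ipsec_passthrough_rules() {
    # IKE (UDP/500) reaches the firewall's public address; DNAT it inward and
    # let the forwarded packets through FORWARD.
    run -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport 500 -j DNAT --to-destination "$IPSEC_GW"
    run -A FORWARD -i "$EXT_IF" -p udp -d "$IPSEC_GW" --dport 500 -j ACCEPT
    # NAT-T: with nat-traversal on both ends, ESP is carried inside UDP/4500,
    # which PAT can track like any other UDP flow.
    run -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport 4500 -j DNAT --to-destination "$IPSEC_GW"
    run -A FORWARD -i "$EXT_IF" -p udp -d "$IPSEC_GW" --dport 4500 -j ACCEPT
    # Raw ESP (IP protocol 50) has no ports, so PAT cannot multiplex it; it can
    # only be handed to one inside host, and only if the remote peer does not
    # use NAT-T. Keep these two rules for that case.
    run -t nat -A PREROUTING -i "$EXT_IF" -p 50 -j DNAT --to-destination "$IPSEC_GW"
    run -A FORWARD -i "$EXT_IF" -p 50 -d "$IPSEC_GW" -j ACCEPT
}

# Number of rules the generator emits; handy as a sanity check when editing.
count_rules() {
    ipsec_passthrough_rules | wc -l | tr -d ' '
}

ipsec_passthrough_rules
```

Outbound replies from the inside gateway pick up the firewall's existing MASQUERADE/SNAT rule like any other traffic, so nothing extra is needed in POSTROUTING.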

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html