What about ipencap protocol? Where does it play?
On 9/13/06, Robert <[EMAIL PROTECTED]> wrote:
Gustavo Rios wrote:
> Dear friends,
>
> I am starting to learn VPN, and I am very confused with some points.
> For instance, concerning firewall rules.
>
> It is not clear right now on which interface I should see the
> protocols esp, ipencap, ah, etc. I could not figure out on which
> interface I should filter tcp, udp and application layer traffic like
> dns, http, ftp, ftp-data, etc. between both networks I am
> connecting ...
>
> Thanks in advance.
>
>
Ok, let's keep it simple.
You tunnel your traffic through ipsec.
The packets you want to encrypt go into the enc0 interface. Unencrypted
traffic from the other side originates out of it.
As you have to get the ipsec onto the network, it has to exit/enter on
the physical interface, for example sk0.
You have to pass incoming and outgoing ipsec traffic (the encrypted
traffic) on the physical interface.
pass on sk0 proto esp
The actual traffic, the packets you wanted to secure with ipsec, have to
be filtered on the enc0 interface.
Host1: (unencrypted traffic) <--- tcp,udp,whatever ---> enc0 <--- ipsec-magic ---> sk0 <--- esp ---> :Host2
It's a bit early, hope I didn't confuse you too much.
-Robert
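
The split Robert describes, written out as a pf.conf fragment. This is an added example, not part of the thread: only sk0, enc0 and the esp rule come from the messages above; the macros, addresses, internal interface name and permitted ports are constructed placeholders, and the ipencap rule assumes a tunnel-mode setup as documented for OpenBSD's enc(4) interface.

```pf
# Added example: constructed addresses and names, adjust to the real setup.
ext_if     = "sk0"            # physical interface from the thread
int_if     = "em0"            # LAN-facing interface (hypothetical name)
peer_gw    = "198.51.100.2"   # remote IPsec gateway (placeholder)
local_net  = "10.1.0.0/24"    # network behind this gateway (placeholder)
remote_net = "10.2.0.0/24"    # network behind the peer (placeholder)

set skip on lo
block all                     # default deny; everything below is an explicit allow

# 1. Physical interface: only the encrypted carrier traffic and key
#    exchange, and only to/from the known peer. Add "proto ah" here
#    only if the tunnel actually uses AH.
pass in  on $ext_if proto esp from $peer_gw to ($ext_if)
pass out on $ext_if proto esp from ($ext_if) to $peer_gw
pass in  on $ext_if proto udp from $peer_gw to ($ext_if) port 500
pass out on $ext_if proto udp from ($ext_if) to $peer_gw port 500

# 2. enc0: in tunnel mode the decrypted outer wrapper shows up here as
#    proto ipencap between the two gateways (assumption: tunnel mode).
pass in on enc0 proto ipencap from $peer_gw to ($ext_if) keep state (if-bound)

# 3. enc0: the inner, cleartext packets. This is where tcp/udp and
#    application ports between the two networks are filtered.
pass in  on enc0 proto tcp from $remote_net to $local_net port { 53, 80 } \
        keep state (if-bound)
pass in  on enc0 proto udp from $remote_net to $local_net port 53 \
        keep state (if-bound)
pass out on enc0 proto { tcp, udp } from $local_net to $remote_net \
        keep state (if-bound)

# 4. LAN side: let the same flows cross the internal interface.
pass in  on $int_if from $local_net to $remote_net keep state
pass out on $int_if from $remote_net to $local_net keep state
```

Binding the enc0 states with if-bound keeps a state created for tunnelled traffic from matching the same addresses arriving unencrypted on sk0.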