On Jul 2, 2013, at 4:40 AM, Daniel Pocock <[email protected]> wrote:
> > Hi, > > I had a look at this page which describes a single VPN zone called "vpn": > > http://www.shorewall.net/IPSEC-2.6.html > > Is this the most current information? It is the top page found by > Google for "shorewall ipsec" > > Is there any information about setting up multiple VPN zones for > different classes of road warrior? E.g. lets say there are two classes > of road warrior: > > vpn_a: mobile devices > > vpn_b: laptop devices (trusted more than the mobile devices) > > The IPsec platform (e.g. StrongSwan) gives all the road warriors a pool > IP. It uses different pools for users from vpn_a and vpn_b > > Looking at the ShoreWall IPsec example in the link above, it suggests > that all of 0.0.0.0/0 has to be mapped to a single VPN zone in the > /etc/shorewall/tunnels file, so it's not clear that Shorewall can cope > with multiple classes of road warrior. Can anybody comment on this? You can certainly use the /etc/shorewall/hosts file to create different IPSEC zones corresponding to different IP networks and/or address ranges. -Tom Tom Eastep \ Nothing is foolproof to a Shoreline, \ sufficiently talented fool Washington, USA \ http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
