hi,
we have a special environment for a vpn connection and i want to discuss it on this
list, because i could not find something like that in the documentation.
the situation:
1. side
- 1 linux system (suse 8.2) with freeswan (1.99)
- 1 public ip address
- 1 nic (eth0: private address, eth0:0 public address)
there is no other machine behind freeswan.
2. side
- 1 firewall system with ipsec and psk support
- 1 public ip address on external nic
- different private net on internal nic
- application server in private net
the firewall system supports certificates too, but this doesn't work with freeswan. we
chose psk for authentication. for proper handling, ip connections have to use private
addresses on the freeswan client.
addresses used now are sample addresses - changed for security reasons.
our network setup on freeswan client:
eth0: 192.168.100.1
eth0:0 195.195.195.1
our connection profile:
config setup
# interfaces=%defaultroute
interfaces="ipsec0=eth0 ipsec1=eth0:0"
conn test
left=195.195.195.1
leftnexthop=195.195.195.2
leftsubnet=192.168.100.0/24
right=196.196.196.1
rightsubnet=10.10.10.0/24
rightnexthop=196.196.196.2
after starting ipsec we have the following additional interfaces:
ipsec0: 192.168.100.1
ipsec1: 195.195.195.1
after starting ipsec and bringing up the connection test, we have the routing:
Destination Gateway Genmask Flags MSS Window irtt Iface
10.10.10.0 195.195.195.1 255.255.255.0 UG 0 0 0 ipsec1
we changed the routing entry to:
10.10.10.0 195.195.195.1 255.255.255.0 UG 0 0 0 ipsec0
so we can send packets thru the vpn tunnel with source address from 192.168.100.1
it is working, but, is this a correct setup after all?
regards
chris
--
christian jeannot [EMAIL PROTECTED]
vogelmauer 17 http://www.augusta.de/~jeannot
86152 augsburg +49 179 69 46 446
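A small consistency check for the situation described in the post, written as an added example (it is not part of the original mail and not FreeS/WAN code). It takes the `conn test` block, the ipsecN-to-address mapping that `ipsec start` produced, and a line of the routing table, and reports whether the source address the kernel will pick for the route lies inside `leftsubnet`. The interface mapping and addresses are the sample values from the post; the function names and the check itself are assumptions of this example.

```python
"""Check that a route into rightsubnet leaves via an ipsec interface whose
address falls inside leftsubnet (added example, not from the original post).
With the route on ipsec1 the source address is the public alias, which the
leftsubnet<->rightsubnet tunnel does not cover; on ipsec0 it is the private one."""
import ipaddress

# Constructed input: the conn block from the post.
IPSEC_CONF = """\
conn test
left=195.195.195.1
leftnexthop=195.195.195.2
leftsubnet=192.168.100.0/24
right=196.196.196.1
rightsubnet=10.10.10.0/24
rightnexthop=196.196.196.2
"""

# Constructed input: ipsec interface -> address reported after `ipsec start`.
IPSEC_IFACES = {"ipsec0": "192.168.100.1", "ipsec1": "195.195.195.1"}

# Constructed input: the routing entry before and after the manual change.
ROUTE_BEFORE = "10.10.10.0 195.195.195.1 255.255.255.0 UG 0 0 0 ipsec1"
ROUTE_AFTER = "10.10.10.0 195.195.195.1 255.255.255.0 UG 0 0 0 ipsec0"


def parse_conn(text):
    """Parse key=value lines of one conn block into a dict (comments skipped)."""
    conn = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        conn[key.strip()] = value.strip()
    return conn


def parse_route(line):
    """Split one `route -n` style line into (network, gateway, interface)."""
    dest, gateway, mask, _flags, _mss, _window, _irtt, iface = line.split()
    return ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface


def check_route(conn, ifaces, route_line):
    """Return (ok, reason) for a route intended to reach rightsubnet."""
    net, _gateway, iface = parse_route(route_line)
    leftsubnet = ipaddress.ip_network(conn["leftsubnet"])
    rightsubnet = ipaddress.ip_network(conn["rightsubnet"])
    if net != rightsubnet:
        return False, f"route destination {net} is not rightsubnet {rightsubnet}"
    if iface not in ifaces:
        return False, f"route uses unknown ipsec interface {iface}"
    # The kernel picks the outgoing interface's address as source.
    src = ipaddress.ip_address(ifaces[iface])
    if src not in leftsubnet:
        return False, (f"source {src} via {iface} is outside leftsubnet "
                       f"{leftsubnet}; the tunnel policy does not cover it")
    return True, f"source {src} via {iface} lies inside leftsubnet {leftsubnet}"


if __name__ == "__main__":
    conn = parse_conn(IPSEC_CONF)
    for label, route in (("before", ROUTE_BEFORE), ("after", ROUTE_AFTER)):
        ok, reason = check_route(conn, IPSEC_IFACES, route)
        print(f"{label}: {'OK' if ok else 'PROBLEM'} - {reason}")
```

Run as is and it flags the original route through ipsec1 and accepts the changed one through ipsec0, which matches what the post observed after editing the routing entry.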