On 03/02/2012 05:52 PM, David G. Miller wrote:
> Kevin VPN <kvpn@...> writes:
>> On 02/26/2012 12:58 AM, David G. Miller wrote:
>>> Hi List -
>>> I'm looking into whether there is a way to get the Shrew Soft VPN client
>>> working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
>>> Linux or CentOS).
>>> SNIP
>>> Has anyone looked into building a statically linked version of iked (the
>>> other pieces appear to work) under Fedora? Anyone succeed?
>> Hi Dave, does this post help?
>> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
> Hi Kevin -
> SNIP
> Since nothing worked I came back to the article and started setting other
> rp_filter values to zero. I finally got a working solution by setting
> net.ipv4.conf.eth0.rp_filter to zero. Unfortunately, this opens a significant
> security hole. I can make attacking the vulnerability more difficult by
> setting up my firewall to only allow packets going to the VPN port from my
> VPN server. This doesn't stop someone from forging the source IP address.

Interesting discovery. It could be useful to someone despite the risks,
thanks for noting it.

> Any other suggestions would be appreciated. The goal is to have the VPN
> client on the Internet-facing EL6 box that also serves as my router and have
> multiple boxes within my local network be able to connect to the VPN through
> a single client.

I don't have any suggestions for solving the issue specifically on
RHEL6, but someone was trying to do the same thing a little while ago
(one VPN client, client LAN routed through it) and it generated some
discussion. You could try reviving that thread and see what they ended
up doing:
http://lists.shrew.net/pipermail/vpn-help/2012-January/004224.html
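
Added example, not part of the original thread or of the Shrew Soft project: a shell check that reports the effective reverse-path filter mode for each interface, so a change such as net.ipv4.conf.eth0.rp_filter=0 can be audited afterwards. It relies on the kernel's documented rule that the larger of conf/all/rp_filter and conf/<interface>/rp_filter is used; the function names and the optional conf_root argument are assumptions made for this example.

```shell
#!/bin/sh
# Audit the effective rp_filter mode per interface (added example).
# The kernel validates sources on an interface using
# max(conf/all/rp_filter, conf/<interface>/rp_filter).

# Map the numeric sysctl value to its documented meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter <interface> [conf_root]
# Prints the value the kernel actually applies to <interface>.
# conf_root defaults to the live sysctl tree; passing another directory
# lets the check run against a constructed tree.
effective_rp_filter() {
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$ifv" -gt "$all" ]; then echo "$ifv"; else echo "$all"; fi
}

# audit_rp_filter [conf_root]
# Prints "<interface> <mode>" for every interface and returns 1 if
# source validation is effectively off on any of them.
audit_rp_filter() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    rc=0
    for d in "$root"/*/; do
        ifname=$(basename "$d")
        # "all" and "default" are templates, not interfaces.
        case "$ifname" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$ifname" "$root") || continue
        echo "$ifname $(rp_mode_name "$eff")"
        [ "$eff" -eq 0 ] && rc=1
    done
    return $rc
}

# Audit the live system only when invoked with the argument "live".
if [ "${1:-}" = "live" ]; then audit_rp_filter; fi
```

An interface reported as "off" accepts packets whose source address would not route back out the same interface, which is the exposure described in the message above.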