Mark Haney wrote:
On Sun, 21 Mar 2004 18:33:13 -0500, Christopher K. Johnson <ckjohnson@xxxxxxx> wrote:
No, because FreeS/Wan patches to 2.4 kernel utilize a tunnel interface device. So the interface configuration is different, and the iptables would utilize the tunnel interface as the input interface for packets coming from a vpn peer.
The easiest way to configure ipsec vpn and still keep kernel maintenance simple is by using the 2.6 kernel. Follow notes elsewhere on how to migrate to the 2.6 kernel, and hopefully the attached note will help you from there. It is a work in progress.
Hi Chris, thanks for the docs on this. Just one question, I'm not really worried about kernel maintenance so I'd prefer to stick with the latest FC1 kernel (2.4.22-1.2174?) and use FreeS/Wan. Will this doc work on this configuration as well?
Check out http://lartc.org/howto/lartc.ipsec.html which makes this distinction, and the freeswan docs linked from there.
--
-----------------------------------------------------------
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021