
IPSEC/MASQ



I am attempting to configure my home network with a static VPN to my
office using FreeS/WAN. At home, however, my edge server acts as a
masquerading gateway for my LAN, which uses RFC 1918 addresses.
My IPsec configuration is relatively simple and I believe it is entirely
correct. My problem arises when I enable the ipsec service on my edge
server: all masquerading capability ceases. I have rp_filter set to 0 for
all interfaces, including ipsec0.
Has anyone seen this issue before, or does it sound familiar? I am reading
over this:

http://www.linuxsecurity.com/resource_files/cryptography/FreeSWAN-HOWTO/firewall.html

Using the option of setting firewall settings at boot rather than
dynamically.

My end goal is to have encrypted traffic from my edge server to my
office, but still allow normal non-IPsec access to the rest of the
internet for my internal home LAN.

I am including my (edited) ipsec.conf; however, my iptables.conf is too
large for a mailing list. If anyone has a suggestion for a packaged
iptables config that is available for copying, or other ideas, I would
appreciate it.

Thank you in advance.

#ipsec.conf
config setup
	interfaces="%defaultroute"
conn %default
	keyingtries=0
	authby=rsasig
conn home-office
	leftrsasigkey=foo
	left=a.b.c.d			# public ip address
	leftnexthop=%defaultroute
	#leftsubnet=10.63.210.0/24	# commented out to avoid nat rewrite of headers
	rightrsasigkey=bar		# was misspelt "rightrssigkey"; the option is rightrsasigkey
	right=e.f.g.h			# public ip address
	rightnexthop=e.f.g.i		# the remote side's default gateway
	rightsubnet=e.f.g.h

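The firewall HOWTO linked above describes keeping tunnel traffic out of the masquerade rule. Here is an added example of a boot-time rule script doing that, not from the original post or the FreeS/WAN project; it assumes eth0 is the public interface, eth1 the LAN, leftsubnet set to 10.63.210.0/24 (the post's commented-out value), a placeholder office subnet 192.168.50.0/24 behind the e.f.g.h gateway, and a KLIPS ipsec0 interface.

```shell
#!/bin/sh
# Constructed example for a FreeS/WAN gateway that also masquerades a
# private LAN. Interface names, the office subnet and the peer address
# are assumptions/placeholders, not values from the original post.
EXT_IF=eth0                  # public interface (assumed)
LAN_IF=eth1                  # internal LAN interface (assumed)
HOME_LAN=10.63.210.0/24      # the post's commented-out leftsubnet
OFFICE_LAN=192.168.50.0/24   # placeholder office subnet behind e.f.g.h
PEER=e.f.g.h                 # office gateway public address, as in the post

# Emit the rules instead of applying them, so they can be reviewed or
# tested without root; run with APPLY=1 to actually load them.
gen_rules() {
cat <<EOF
iptables -P FORWARD DROP
# IKE (UDP/500) and ESP (IP protocol 50), only from the office peer
iptables -A INPUT -i $EXT_IF -s $PEER -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $EXT_IF -s $PEER -p 50 -j ACCEPT
# Decrypted tunnel traffic appears on ipsec0: allow only LAN <-> office
iptables -A FORWARD -i ipsec0 -s $OFFICE_LAN -d $HOME_LAN -j ACCEPT
iptables -A FORWARD -o ipsec0 -s $HOME_LAN -d $OFFICE_LAN -j ACCEPT
# Ordinary LAN -> internet traffic and its replies
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $HOME_LAN -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Never NAT the encrypted ESP packets themselves ...
iptables -t nat -A POSTROUTING -o $EXT_IF -p 50 -j ACCEPT
# ... and masquerade only traffic that is NOT bound for the office, so
# LAN packets for the office keep their RFC 1918 source, match
# leftsubnet/rightsubnet and enter the tunnel instead of being rewritten
iptables -t nat -A POSTROUTING -o $EXT_IF ! -d $OFFICE_LAN -j MASQUERADE
EOF
}

# Number of iptables commands generated (comments excluded)
rule_count() { gen_rules | grep -c '^iptables'; }

if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | grep '^iptables' | sh -e
else
    gen_rules
fi
```

Run it with APPLY=1 as root at boot, after the ipsec service has created ipsec0.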