LINUX/shorewall firewall to firewall VPN question

Post by sun.. » Wed, 15 Mar 2006 15:02:54



I have a linux firewall front ending a site which works fine.  I am
using shorewall as the script interface to iptables.

I would like to place another linux firewall at a remote site so that
I can build an encrypted tunnel between each site.  I would like to
mount windows shared folders over the net securely using DSL.  I want
to do SSL type encryption between each site.

I have used SSL to build tunnels but I don't know how to configure
this type of tunnel with shorewall and iptables.

Could someone point me to information on how to configure this type of
connection.


LINUX/shorewall firewall to firewall VPN question

Post by Tauno Voipi » Wed, 15 Mar 2006 16:12:40



> I have a linux firewall front ending a site which works fine.  I am
> using shorewall as the script interface to iptables.

> I would like to place another linux firewall at a remote site so that
> I can build an encrypted tunnel between each site.  I would like to
> mount windows shared folders over the net securely using DSL.  I want
> to do SSL type encryption between each site.

> I have used SSL to build tunnels but I don't know how to configure
> this type of tunnel with shorewall and iptables.

> Could someone point me to information on how to configure this type of
> connection.

You need a VPN router. I'd use OpenVPN for it.

There are two options:

- Data link layer tunneling, forwarding your Ethernet frames
   via the tunnel,

- Network layer tunneling, forwarding your IP packets via
   the tunnel.

The network layer tunnel (using the TUN interface) has potentially
less overhead than the data link layer tunnel (using TAP interface).

You cannot tunnel with simple firewall scripts, you need
some tunneling daemon to handle it.

--

Tauno Voipio
tauno voipio (at) iki fi


LINUX/shorewall firewall to firewall VPN question

Post by Dan » Wed, 15 Mar 2006 21:48:18



> You need a VPN router. I'd use OpenVPN for it.

The shorewall website has some OpenVPN examples.

Dan


LINUX/shorewall firewall to firewall VPN question

Post by Tauno Voipi » Thu, 16 Mar 2006 02:04:17




>>You need a VPN router. I'd use OpenVPN for it.

> The shorewall website has some OpenVPN examples.

> Dan

Yes - for passing the tunnel packets for the VPN,
but it still needs the daemon to do the dirty job
of tunneling and encrypting/decrypting.

Shorewall is just a front-end to the network filter.

--

Tauno Voipio
tauno voipio (at) iki fi
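A worked configuration for the setup the thread describes: one Linux/Shorewall firewall at each site, OpenVPN doing the tunnelling and encryption, and Shorewall only letting the tunnel's own UDP packets through on the outside and the decrypted traffic through on tun0 (the division of labour Tauno describes, and the kind of example Dan refers to). This is an added example, not code from the thread or from the Shorewall or OpenVPN projects. It uses OpenVPN's point-to-point static-key mode on a TUN device, the network-layer option from the earlier reply. The interface names (eth0 to the net, eth1 to the LAN, tun0 for the tunnel), the 10.8.0.x tunnel endpoint addresses, the LAN ranges and the public addresses 203.0.113.10 and 198.51.100.20 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate the Shorewall files and the
# OpenVPN point-to-point (TUN, pre-shared static key) configuration for ONE end
# of a firewall-to-firewall tunnel. Run it once per site, with that site's own
# view of "local" and "remote". Interface names and addresses are assumptions.
set -eu

# Shorewall side: a dedicated "vpn" zone on tun0, a tunnels entry so OpenVPN's
# own UDP/1194 packets pass the "net" zone, and policies that let the two LANs
# talk only through the tunnel. Shorewall itself does no encryption.
write_shorewall() {
    dir=$1/shorewall
    remote_pub=$2   # peer's public IP, or 0.0.0.0/0 if the peer is on dynamic DSL
    mkdir -p "$dir"

    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4
EOF

    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs,routefilter
loc     eth1        detect
vpn     tun0        -
EOF

    cat > "$dir/tunnels" <<EOF
#TYPE           ZONE    GATEWAY
openvpn:1194    net     $remote_pub
EOF

    # SMB (137-139/445) needs no rule for "net": share traffic rides inside tun0.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
loc     vpn     ACCEPT
vpn     loc     ACCEPT
loc     net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
}

# OpenVPN side. ROLE is "server" (listens) or "client" (dials REMOTE_PUB).
# Both ends share static.key and mirror the ifconfig pair; each end routes the
# OTHER site's LAN into the tunnel. "dev tun" = layer-3 tunnel (less overhead
# than "dev tap", which would carry whole Ethernet frames).
write_openvpn() {
    dir=$1/openvpn
    role=$2 local_tun=$3 remote_tun=$4 remote_net=$5 remote_mask=$6 remote_pub=$7
    mkdir -p "$dir"
    {
        echo "# $role end. Create the key once: openvpn --genkey --secret static.key"
        echo "# then copy it to the other site over ssh, mode 0600."
        if [ "$role" = client ]; then echo "remote $remote_pub 1194"; fi
        echo "port 1194"
        echo "proto udp"
        echo "dev tun"
        echo "ifconfig $local_tun $remote_tun"
        echo "route $remote_net $remote_mask"
        echo "secret static.key"
        echo "keepalive 10 60"
        echo "persist-key"
        echo "persist-tun"
        echo "verb 3"
    } > "$dir/site.conf"
}

# gen_site OUTDIR ROLE LOCAL_TUN_IP REMOTE_TUN_IP REMOTE_LAN REMOTE_MASK REMOTE_PUBLIC_IP
gen_site() {
    write_shorewall "$1" "$7"
    write_openvpn "$1" "$2" "$3" "$4" "$5" "$6" "$7"
}

# Example (site A: LAN 192.168.1.0/24, public 203.0.113.10; site B: LAN
# 192.168.2.0/24, public 198.51.100.20):
#   sh gen_site.sh /tmp/siteA server 10.8.0.1 10.8.0.2 192.168.2.0 255.255.255.0 198.51.100.20
#   sh gen_site.sh /tmp/siteB client 10.8.0.2 10.8.0.1 192.168.1.0 255.255.255.0 203.0.113.10
if [ $# -eq 7 ]; then
    gen_site "$@"
fi
```

Copy the generated files into /etc/shorewall and /etc/openvpn on each box, set IP_FORWARDING=On in shorewall.conf, and start openvpn before `shorewall restart` so tun0 exists. The Windows share ports are then reachable only from the other LAN via the vpn zone; nothing on the DSL side ever sees 445. A static key is a single shared secret, so if either firewall is compromised both must be rekeyed; for more than two sites, or to get per-site keys, OpenVPN's TLS mode with a small CA is the better choice.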


1. Checkpoint Firewall-1 VPN and Firewall

I've got a home network with a SUSE6.3 Linux machine acting as a firewall
and an NT machine on which I have to do my day job. Normal operations work -
I can ping internet addresses through the firewall from the NT client.

To access my company's network I use a PPTP client that is authenticated
using Check Point Firewall-1 Authentication agent. This I can't get to work
through the firewall - the session never responds.

Has anyone got a firewall setup working with this software? I've tried
forwarding packets for ports 47 and 1723 to the NT client as described in
the VPN howto but with no success.

If anyone has gotten this working it would be great if you could give me a
hint!

Cheers

John

john[AT]looseend.org
