Very Computer

I have a linux firewall front ending a site which works fine.  I am
using shorewall as the script interface to iptables.

I would like to place another linux firewall at a remote site so that
I can build an incryped tunnel between each site.  I would like to
mount windows shared folders over the net securly using DSL.  I want
to do SSL type encrypton between each site.

I have used SSL to build tunnels but I don't know how to configure
this type of tunnel with shorewall and iptables.

Could someone point me to information on how to configure this type of
connection.

You need a VPN router. I'd use OpenVPN for it.

There are two options:

- Data link layer tunneling, forwarding your Ethernet frames
   via the tunnel,

- Network layer tunneling, forwarding your IP packets via
   the tunnel.

The network layer tunnel (using the TUN interface) has potentially
less overhead than the data link layer tunnel (using TAP interface).

You cannot tunnel with simple firewall scripts, you need
some tunneling daemon to handle it.

--

Tauno Voipio
tauno voipio (at) iki fi

The shorewall website has some OpenVPN examples.

Dan

Yes - for passing the tunnel packets for the VPN,
but it still needs the daemon to jo the dirty job
of tunneling and encrypting/decrypting.

Shorewall is just a front-end to the network filter.

--

Tauno Voipio
tauno voipio (at) iki fi