Re: linux-ipsec: Any work done on an IPSec masq module?

-----BEGIN PGP SIGNED MESSAGE-----
> Anyone out there done any work on or thought about doing a MASQ module(s)

Not directly...

> I recently learned that the 2.0.x masq code does not support the BaySecure

Sorry to delay in replying to your original request. I have the same problem here and needed to work out the solution first to be sure it worked.

To answer your question, No, you are not obviously wrong. I was able to solve the problem by putting in a ipfwadm rule before the masquerading rule that intercepted any traffic from specific hosts or groups of hosts to the other end of the ipsec tunnel. I was only able to do this in tunnel mode so far, but have not tried transport mode. Since tunnel mode hides the internal address, this is not a problem. In transport mode, you require a valid internet address, in which case you don't need masquerading.

> Does anyone care to comment on the usefullness of masq support for IPSec in

I can't quite envision what you are going to do in a ipmasq module to accomplish this.

> If all goes well and no one else is already inventing this wheel, myself or

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

I have tested the above and it works, but the ipfwadm rules must be modified every time you add a new outgoing SPD/SA.

Good luck. I will document this at some point. If you need more details, don't hesitate to ask the *list*.

Can someone advise this list if anyone has done any masq work wrt. VPNs or IPSEC please.

> Al Youngwerth
> alberty@apexxtech.com

        slainte mhath, RGB
- --

Richard Guy Briggs -- PGP key available                       Auto-Free Ottawa!
rgb at conscoop dot ottawa dot on dot ca              
http://www.flora.org/afo/http://www.conscoop.ottawa.on.ca/rgb/           Ottawa-Rideau Bioregion, Canada

"We left our footprints in the Earth
And punched a hole right through the sky" -- S.Hogarth/J.Helmer(Marillion)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNdNFLN+sBuIhFagtAQFGLQP+NiiwxX8XsEO1+qZOKxfFFlek8MJjY2Ua qapFPZBdsjWkkeFnmf92TYaZZ0lQ0DtU7IUVJIstjpCtFQDoqUoDUugWjT1a5PVm vFqA+O/RV+RAQ7Kb0+9IcW87u97nPicQMZgZAtzgygVbi5Z1s/LSY8LAQJx+C7oD 1QwlauONiuQ=
=FEXh
-----END PGP SIGNATURE----- Received on Thu Aug 13 16:43:25 1998

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek