RE: linux-ipsec: IPSec Masquerade
We are doing masquerading on both sides of a tunnel between a RedHat 5.1 box
running klips and an NT4 box running Raptor 5. This allows us to directly
address the 10.0.0.0 subnet from the 192.168.10.0 subnet at opposite ends of
the tunnel. The following variation on the vpn.how document was the only
difference.
Original Instructions
0. Say the desired setup is like this, with S and T subnets, and G and H
security gateways standing between the subnets and the public network:
S======G------........-------H======T
- Configure, compile, and install Linux kernels on both G and H, without
FreeS/WAN. Test that machines in S can ping machines in T (not just that
G can ping H) and vice-versa. If not, figure out why not and fix it. Do
not proceed until it works. DO NOT OMIT THIS STEP.
Modified instruction 1
- Configure, compile, and install Linux kernels on both G and H, without
FreeS/WAN. Test that machines in S can ping machine H (not just that
G can ping H) and T can ping G. If not, figure out why not and fix it. Do
not proceed until it works. DO NOT OMIT THIS STEP.
Please note that S and T will NOT be able to ping each other if both sides
are masqueraded. If only one side is masqueraded, it will be able to ping
the un-masqueraded side, but not vice versa. There are also some additional
changes required in the configuration files. I don't have them on hand, but
if you can't figure them out (something about telling klips which side is
masqueraded) let me know and I'll dig it up for you.
Good Luck,
Chuck
> -----Original Message-----
> From: John D. Hardin [SMTP:jhardin@wolfenet.com]
> Sent: Thursday, January 14, 1999 12:58 PM
> To: Linux IPsec
> Subject: linux-ipsec: IPSec Masquerade
>
> Hi, everyone.
Received on Thu Jan 14 17:05:50 1999
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:29 EDT