
linux-ipsec: VPN setup conversation

From: Hutton, Rob <HuttonR(at)plymart.com>
Date: Tue Jan 26 1999 - 10:40:12 EST


I am trying to get the firewall rules set up to be as secure as possible. Nothing should come in from anywhere except the VPN on the public NIC, and nothing should go out the public NIC except for VPN. What do I need to leave open, what can I close, etc.?

I see the following conversation using tcpdump when I run "ipsec auto snt up". I don't know how to provide more detail, but hopefully this info is enough.

209.149.150.1.500 > 209.149.150.5.500: udp 176
209.149.150.5.500 > 209.149.150.1.500: udp 80
209.149.150.1.500 > 209.149.150.5.500: udp 180
209.149.150.5.500 > 209.149.150.1.500: udp 180
209.149.150.1.500 > 209.149.150.5.500: udp 68
209.149.150.5.500 > 209.149.150.1.500: udp 68
209.149.150.1.500 > 209.149.150.5.500: udp 292
209.149.150.5.500 > 209.149.150.1.500: udp 292
209.149.150.1.500 > 209.149.150.5.500: udp 52

Once I see this, the protocol changes to proto-50. Obviously I need to leave some UDP ports open for VPN negotiation at startup. Are there other ports I need to leave open besides those above? Can I eliminate the need for some of the ports above?

Help,

Thanks,
Rob

Received on Tue Jan 26 12:01:45 1999
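An added example, not part of the original message or of the FreeS/WAN project: a small Python script that parses the tcpdump lines quoted above, checks that everything seen on the public NIC between the two peers is either IKE (UDP port 500 on both sides) or ESP (IP protocol 50), and renders the tightest allow-list that matches. The nine datagrams in the post are consistent with a six-message IKE main mode exchange followed by a three-message quick mode, all carried on UDP/500, so 500 is the only UDP port the negotiation itself needs; anything else between the peers is reported as a stray rather than silently added to the policy. The two addresses come from the post; the choice of 209.149.150.1 as the local host and eth0 as the public NIC, the two ESP sample lines (with made-up SPI and sequence values), and the iptables syntax (the post predates iptables, so translate to ipchains if you are on that era's kernel) are assumptions made here.

```python
"""Derive a minimal firewall allow-list from a tcpdump trace of an IPsec peer."""
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# Assumed: which end is ours and which NIC faces the peer (not stated in the post).
LOCAL = "209.149.150.1"
PEER = "209.149.150.5"
IFACE = "eth0"

# Constructed sample: the nine ISAKMP datagrams quoted in the post, followed by two
# ESP lines added here to stand in for the "proto-50" traffic (not from the original
# capture; spi/seq values are made up). Old tcpdump prints undecoded ESP as ip-proto-50.
SAMPLE_CAPTURE = """\
209.149.150.1.500 > 209.149.150.5.500: udp 176
209.149.150.5.500 > 209.149.150.1.500: udp 80
209.149.150.1.500 > 209.149.150.5.500: udp 180
209.149.150.5.500 > 209.149.150.1.500: udp 180
209.149.150.1.500 > 209.149.150.5.500: udp 68
209.149.150.5.500 > 209.149.150.1.500: udp 68
209.149.150.1.500 > 209.149.150.5.500: udp 292
209.149.150.5.500 > 209.149.150.1.500: udp 292
209.149.150.1.500 > 209.149.150.5.500: udp 52
209.149.150.1 > 209.149.150.5: ESP(spi=0x0000001a,seq=0x1)
209.149.150.5 > 209.149.150.1: ip-proto-50 100
"""

UDP_RE = re.compile(r"^(\S+)\.(\d+) > (\S+)\.(\d+): udp (\d+)$")
ESP_RE = re.compile(r"^(\S+) > (\S+): (?:ESP\(|ip-proto-50\b)")


class Flow(NamedTuple):
    proto: str            # "udp" or "esp"
    src: str
    dst: str
    sport: Optional[int]  # None for ESP, which carries no ports
    dport: Optional[int]
    length: int           # UDP payload length as printed; 0 for ESP lines


def parse_capture(text: str) -> Tuple[List[Flow], List[str]]:
    """Parse one-line tcpdump output; return (flows, lines we could not classify)."""
    flows, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UDP_RE.match(line)
        if m:
            src, sport, dst, dport, n = m.groups()
            flows.append(Flow("udp", src, dst, int(sport), int(dport), int(n)))
            continue
        m = ESP_RE.match(line)
        if m:
            flows.append(Flow("esp", m.group(1), m.group(2), None, None, 0))
            continue
        unparsed.append(line)
    return flows, unparsed


def derive_policy(flows: List[Flow], local: str, peer: str):
    """Return (allowed, strays). allowed holds (proto, local_port, peer_port) tuples
    seen between local and peer; only IKE on 500/500 and ESP qualify. Traffic with a
    third host, or UDP on any other port, is a stray the ruleset must not absorb."""
    allowed: Set[Tuple[str, Optional[int], Optional[int]]] = set()
    strays: List[Flow] = []
    for f in flows:
        if f.src == local and f.dst == peer:
            lport, pport = f.sport, f.dport
        elif f.src == peer and f.dst == local:
            lport, pport = f.dport, f.sport
        else:
            strays.append(f)
            continue
        if f.proto == "udp" and (lport, pport) != (500, 500):
            strays.append(f)
            continue
        allowed.add((f.proto, lport, pport))
    return allowed, strays


def render_iptables(local: str, peer: str, iface: str, allowed) -> List[str]:
    """Emit accept rules for exactly what was observed, then drop the rest on iface."""
    rules = []
    for proto, lport, pport in sorted(allowed, key=str):
        if proto == "udp":
            rules.append(f"iptables -A INPUT -i {iface} -p udp -s {peer} --sport {pport} "
                         f"-d {local} --dport {lport} -j ACCEPT")
            rules.append(f"iptables -A OUTPUT -o {iface} -p udp -s {local} --sport {lport} "
                         f"-d {peer} --dport {pport} -j ACCEPT")
        elif proto == "esp":
            rules.append(f"iptables -A INPUT -i {iface} -p esp -s {peer} -d {local} -j ACCEPT")
            rules.append(f"iptables -A OUTPUT -o {iface} -p esp -s {local} -d {peer} -j ACCEPT")
    rules.append(f"iptables -A INPUT -i {iface} -j DROP")
    rules.append(f"iptables -A OUTPUT -o {iface} -j DROP")
    return rules


if __name__ == "__main__":
    flows, unparsed = parse_capture(SAMPLE_CAPTURE)
    allowed, strays = derive_policy(flows, LOCAL, PEER)
    for f in strays:
        print("STRAY (not allowed):", f)
    for line in unparsed:
        print("UNPARSED:", line)
    print("\n".join(render_iptables(LOCAL, PEER, IFACE, allowed)))
```

Two caveats a practitioner would add to the generated ruleset. First, on FreeS/WAN the decrypted packets are delivered on the ipsec0 virtual interface, not on the public NIC, so these rules only constrain the encrypted leg; what the tunnel is allowed to carry has to be filtered on ipsec0. Second, the capture shows neither AH (IP protocol 51) nor a NAT-traversal peer (which later implementations run on UDP 4500); if either appears in a future trace, the script will report it as a stray and the policy will need widening deliberately rather than by default.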

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:29 EDT

