
RE: VPN and firewall in one box?



There is no problem. Actually, in my opinion, it is better to have both on
the same box especially if you're using NAT. Simply set up IPF as you
normally would (pretend there was no ISAKMP or IPSEC on the box) and then set
up your ISAKMP and IPSEC. You let "proto esp" in for the external interface
and open the ports for ISAKMP (udp 500) in your firewall rules. Then, to
filter out the VPN traffic, use the interface "enc0".


Read through the archives of this list for more specific info (we had a
thread about that about 2 months ago). Also, the OBSD FAQ will be a good
resource in helping you with this as well as the various links you'll find
there.

If you have any problems while setting the stuff up, just ask away. I've
done this a million times and I'm sure others on this list have done so as
well.

Good luck,

Patrick Ethier
patrick_(_at_)_secureops_(_dot_)_com

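An added illustration (not part of the original mail) of what the IPF rule fragment described above might look like. It assumes xl0 is the external interface, 10.0.0.1 is this gateway's own address, 10.0.0.2 is the remote VPN gateway, and 192.168.1.0/24 and 192.168.2.0/24 are the local and remote private networks; all of these are made up for the example.

```text
# /etc/ipf.rules (excerpt) - assumed interface names and addresses
#
# 1. ISAKMP key exchange (udp 500) between the two gateways only.
pass in  quick on xl0 proto udp from 10.0.0.2 to 10.0.0.1 port = 500
pass out quick on xl0 proto udp from 10.0.0.1 to 10.0.0.2 port = 500

# 2. The encrypted tunnel itself: ESP between the two gateways only.
#    Nothing else needs to see the payload on xl0; it is still ciphertext here.
pass in  quick on xl0 proto esp from 10.0.0.2 to 10.0.0.1
pass out quick on xl0 proto esp from 10.0.0.1 to 10.0.0.2

# 3. Decrypted VPN traffic shows up on enc0, so that is where the
#    per-network policy for the tunnel lives. Limit it to the two private
#    networks and drop anything else that arrives through the tunnel.
pass in  quick on enc0 from 192.168.2.0/24 to 192.168.1.0/24
pass out quick on enc0 from 192.168.1.0/24 to 192.168.2.0/24
block in  log quick on enc0 all
block out log quick on enc0 all

# 4. Remaining rules for xl0 (NAT'd Internet traffic, default deny, etc.)
#    are written exactly as on a firewall without IPsec.
```

The "log" on the enc0 block rules is worth keeping: a hit there means something other than the expected private networks came through the tunnel.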

-----Original Message-----
From: Horia Georgescu [mailto:hgeorges_(_at_)_oasis-technology_(_dot_)_com]
Sent: Monday, April 03, 2000 11:38 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: VPN and firewall in one box?


Hi,

I would appreciate some suggestions regarding implementing a dual function,
of firewall and VPN in the same box. Both ipf and vpn examples are only
showing either a vpn or a firewall setup.
Never both mixed together in the same box. Are they mutually exclusive?

Basically I want my private network to be able to talk through the VPN with
a remote private network, while using NAT to connect to the Internet.

Anybody doing this?

Thanks and regards.

Horia Georgescu