I wouldn't mind some sample scripts for ... inspiration. If you don't mind.

NAT is a must, since the private network is non-routable (172.* domain). I didn't write down any attempt to merge the two (vpn and firewall) as it seemed to lead to a "Swiss cheese" type firewall. I'd rather run a couple of application proxies, instead of creating too many ipf rules.

I would appreciate some practical starting points (i.e. how you did it, if you did it). It will free me from this blocked state of mind... :-)

Thanks and regards,
Horia Georgescu

-----Original Message-----
From: Patrick Ethier [mailto:pat_(_at_)_secureops_(_dot_)_com]
Sent: Tuesday, April 04, 2000 9:49 AM
To: Horia Georgescu; misc_(_at_)_openbsd_(_dot_)_org
Subject: RE: VPN and firewall in one box?

There is no problem. Actually, in my opinion, it is better to have both on the same box, especially if you're using NAT.

Simply set up IPF as you normally would (pretend there was no ISAKMP or IPSEC on the box) and then set up your ISAKMP and IPSEC. You let "proto esp" in for the external interface and open the ports for ISAKMP (udp 500) in your firewall rules. Then, to filter out the VPN traffic, use the interface "enc0".

Read through the archives of this list for more specific info (we had a thread about that about 2 months ago). Also, the OBSD FAQ will be a good resource in helping you with this, as well as the various links you'll find there.

If you have any problems while setting the stuff up, just ask away. I've done this a million times and I'm sure others on this list have done so as well.

Good luck,
Patrick Ethier
patrick_(_at_)_secureops_(_dot_)_com

-----Original Message-----
From: Horia Georgescu [mailto:hgeorges_(_at_)_oasis-technology_(_dot_)_com]
Sent: Monday, April 03, 2000 11:38 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: VPN and firewall in one box?

Hi,

I would appreciate some suggestions regarding implementing a dual function, of firewall and VPN in the same box. Both ipf and vpn examples are only showing either a vpn, or a firewall setup. Never both mixed together in the same box. Are they mutually exclusive?

Basically I want my private network to be able to talk through the VPN with a remote private network, while using NAT to connect to the Internet.

Anybody doing this?

Thanks and regards.
Horia Georgescu
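The split Patrick describes above (ESP and ISAKMP allowed on the external interface, the decrypted tunnel policed on enc0, NAT only for Internet-bound traffic), written out as an added ipf/ipnat example that is not from either poster. The interface names xl0/xl1, the gateway addresses 192.0.2.1 and 198.51.100.1, and the 172.16.0.0/16 local and 172.17.0.0/16 remote networks are placeholders; it also assumes the kernel hands tunnelled packets to ipnat only after ESP encapsulation, so the map rule sees them sourced from the gateway and leaves them alone.

```ipf
# ipf.conf (added example, not from the thread). Assumed layout:
#   xl0  = external interface, address 192.0.2.1 (placeholder)
#   xl1  = internal interface, local private net 172.16.0.0/16
#   enc0 = IPsec pseudo-interface where decrypted tunnel traffic appears
#   remote VPN gateway 198.51.100.1, remote private net 172.17.0.0/16
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all

# External interface: only the IPsec control (ISAKMP, udp 500) and data
# (ESP) channels are exchanged with the peer gateway; nothing else inbound.
pass in quick on xl0 proto udp from 198.51.100.1 port = 500 to 192.0.2.1 port = 500
pass out quick on xl0 proto udp from 192.0.2.1 port = 500 to 198.51.100.1 port = 500
pass in quick on xl0 proto esp from 198.51.100.1 to 192.0.2.1
pass out quick on xl0 proto esp from 192.0.2.1 to 198.51.100.1

# enc0: packets reappear here in the clear, so this is where the tunnel
# is filtered. Only the remote private net may talk to the local one;
# anything else arriving through the tunnel is logged and dropped.
pass in quick on enc0 from 172.17.0.0/16 to 172.16.0.0/16 keep state
pass out quick on enc0 from 172.16.0.0/16 to 172.17.0.0/16 keep state
block in log quick on enc0 all
block out log quick on enc0 all

# Internal side: local hosts may initiate outbound; replies ride the state.
# ipf filters outbound packets before ipnat rewrites them, so the out rule
# on xl0 still sees the private source address.
pass in quick on xl1 from 172.16.0.0/16 to any keep state
pass out quick on xl0 from 172.16.0.0/16 to any keep state

# ipnat.conf: hide the local private net behind the external address.
# Tunnelled traffic leaves xl0 as ESP sourced from 192.0.2.1 (assumption
# stated in the lead-in), so these map rules only touch Internet-bound
# packets from 172.16.0.0/16.
map xl0 172.16.0.0/16 -> 192.0.2.1/32 portmap tcp/udp 10000:20000
map xl0 172.16.0.0/16 -> 192.0.2.1/32
```

Load the filter rules with `ipf -Fa -f /etc/ipf.conf` and the NAT rules with `ipnat -CF -f /etc/ipnat.conf`, then check with `ipfstat -io` that the enc0 block rules are counting nothing but noise.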