
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 2,070 of 2,348   
   Heruan to Joe Beasley   
   Re: OpenSWAN vs. iptables   
   09 Nov 06 11:35:30   
   
   From: heruan83@hotmail.com   
      
   Joe Beasley wrote:   
   > You should not need the virtual interfaces....   
   >   
   > Just use the source/destination.   
      
   Ok, thank you!   
   I added to my rules:   
   iptables -A INPUT -p esp -i eth1 -j ACCEPT   
   iptables -A OUTPUT -p esp -o eth1 -j ACCEPT   
   iptables -A INPUT -p udp -i eth1 --dport 500 -j ACCEPT   
   iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT   
   iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT   
      
   to establish the tunnel and permit communication from the subnet   
   192.168.0.0/24 but I still cannot ping or telnet to any services.   
      
   Isn't it less secure to use source/destination instead of a virtual   
   interface? With a virtual interface I know that those packets are coming   
   from the other end of the tunnel; accepting traffic from a subnet source,   
   I feel a little less secure... isn't that so?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
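
Added example, not part of the original post or thread: one way to tie the accept rules to IPsec itself rather than to the source address alone is the iptables `policy` match, which only matches packets the kernel actually decapsulated from a tunnel. It assumes the NETKEY stack (decrypted packets re-enter on eth1, no virtual interface) and a constructed local subnet 10.0.0.0/24; the function name `ipsec_rules` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Emits iptables rules that accept traffic from the remote subnet only when
# the kernel actually decapsulated it from an IPsec tunnel (policy match),
# so the rule does not rely on the source address alone.
# Assumes the NETKEY stack, where decrypted packets re-enter on the same
# physical interface. 10.0.0.0/24 (local subnet) is a constructed value.

ipsec_rules() {
    if [ "$#" -ne 3 ]; then
        echo "usage: ipsec_rules WAN_IF REMOTE_NET LOCAL_NET" >&2
        return 2
    fi
    wan_if=$1 remote_net=$2 local_net=$3
    from_tunnel="-m policy --dir in --pol ipsec --proto esp --mode tunnel"
    not_ipsec="-m policy --dir in --pol none"

    # Tunnel setup between the gateways: IKE and ESP, as in the post.
    echo "iptables -A INPUT -i $wan_if -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $wan_if -p esp -j ACCEPT"
    echo "iptables -A OUTPUT -o $wan_if -p esp -j ACCEPT"

    # Cleartext packets claiming the remote subnet never came through the
    # tunnel: drop them before any accept rule can see them.
    echo "iptables -A INPUT -i $wan_if -s $remote_net $not_ipsec -j DROP"
    echo "iptables -A FORWARD -i $wan_if -s $remote_net $not_ipsec -j DROP"

    # Decapsulated packets: source subnet AND IPsec origin must both match.
    echo "iptables -A INPUT -i $wan_if -s $remote_net $from_tunnel -j ACCEPT"
    echo "iptables -A FORWARD -i $wan_if -s $remote_net -d $local_net $from_tunnel -j ACCEPT"
}

# Print the rule set for the interface and subnet named in the post.
ipsec_rules eth1 192.168.0.0/24 10.0.0.0/24
```

The script only prints the rules; review the output before loading it as root, and note that these rules stand in for the plain `-s 192.168.0.0/24 -j ACCEPT` lines.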
