[strongSwan] side2side and firewall

Noel Kuntze noel at familie-kuntze.de
Tue Mar 25 11:42:14 CET 2014



Hello Peer,

Feel free to look at leftprotoport and rightprotoport,
as well as distinct configurations for clients that connect from the LAN vs. from the WAN.
Also, look at the "left" and "right" options.
StrongSwan > 5.1.1 supports restricting connections to a specific subnet with those parameters.

Regards
Noel Kuntze

On 25.03.2014 09:11, Dr.Peer-Joachim Koch wrote:
> Hello Noel,
> 
> yes, using iptables directly would be one way. Another would be
> to include it somehow in the ipsec configuration, to have all configuration
> issues at one point.
> 
> Bye, Peer
> 
> On 24.03.2014 17:40, Noel Kuntze wrote:
>> Hello Peer,
>>
>> Of course you can do that. Iptables on Linux and pfsense on BSD offer enough functionality to do that.
>> Look at the policy module for iptables.
>> I don't know where to look for BSD, but it ought to have something similar.
>>
>> Regards
>> Noel Kuntze
>>
>> On 24.03.2014 16:04, Dr.Peer-Joachim Koch wrote:
>>>> Hi,
>>>>
>>>> is it possible to set up a couple of firewall rules on the
>>>> ipsec gw?
>>>> We want to make sure that not everybody from the "outside" has access
>>>> to everything on the "inside".
>>>> So can it be limited to (example) port 25,80,143,443,587,993 from the outside
>>>> to the inside and all open on the inside?
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.strongswan.org
>>>> https://lists.strongswan.org/mailman/listinfo/users
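One way to express the restriction asked about in this thread with the iptables policy match mentioned above, as an added example that is not part of the original messages. The chain name IPSEC_IN, the sample subnets and the restriction to TCP are assumptions; the script only prints an iptables-restore fragment and changes nothing on the host.

```shell
#!/bin/sh
# Added example, not from the thread. The chain name IPSEC_IN, the sample
# subnets and the restriction to TCP are assumptions.

# valid_ports CSV: succeeds if CSV holds 1 to 15 port numbers (1-65535);
# 15 is the most ports a single multiport match accepts.
valid_ports() {
    case $1 in ''|*[!0-9,]*) return 1 ;; esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $1; do
        IFS=$old_ifs
        case $p in ''|??????*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# gen_ipsec_rules REMOTE_NET LOCAL_NET PORTS: print the ruleset on stdout.
gen_ipsec_rules() {
    remote=$1 local_net=$2 ports=$3
    # Only IPv4 CIDR characters, so nothing else can end up in the ruleset.
    case "$remote$local_net" in ''|*[!0-9./]*)
        echo "invalid subnet" >&2; return 1 ;;
    esac
    valid_ports "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    # Only packets that arrived through an IPsec policy are sent to IPSEC_IN,
    # so other forwarding on the gateway is untouched. Connections opened from
    # the inside get their replies back via the ESTABLISHED,RELATED rule.
    cat <<EOF
*filter
:IPSEC_IN - [0:0]
-I FORWARD 1 -m policy --dir in --pol ipsec -j IPSEC_IN
-A IPSEC_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A IPSEC_IN -s $remote -d $local_net -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
-A IPSEC_IN -j DROP
COMMIT
EOF
}

# Constructed sample: remote site 10.2.0.0/16, inside LAN 10.1.0.0/16,
# ports taken from the question in the thread.
gen_ipsec_rules 10.2.0.0/16 10.1.0.0/16 25,80,143,443,587,993
```

Review the printed rules before loading them on the gateway, for example with `iptables-restore --noflush` so the rest of the filter table is kept.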

