Documentation Updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1948 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-02-06 19:21:18 +00:00
parent 5428994760
commit 6e0ca3444f
3 changed files with 25 additions and 8 deletions


@ -15,11 +15,13 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-12-26</pubdate> <pubdate>2005-02-06</pubdate>
<copyright> <copyright>
<year>2004</year> <year>2004</year>
<year>2005</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -326,6 +328,13 @@ spdadd 134.28.54.2/32 206.162.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2
<para>The <filename>setkey.conf</filename> file on gateway B would be <para>The <filename>setkey.conf</filename> file on gateway B would be
similar.</para> similar.</para>
<caution>
<para>If you are running kernel 2.6.10 or later, then you need
ipsec-tools (and racoon) 0.5 or later and you need to add <emphasis
role="bold">-P fwd</emphasis> rules -- see <ulink
url="http://www.ipsec-howto.org/x277.html">http://www.ipsec-howto.org/x277.html</ulink>.</para>
</caution>
<para>A sample <filename>/etc/racoon/racoon.conf</filename> file using <para>A sample <filename>/etc/racoon/racoon.conf</filename> file using
X.509 certificates might look like:</para> X.509 certificates might look like:</para>
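Review bot: The new caution states the requirement (ipsec-tools 0.5 or later plus "-P fwd" rules on kernel 2.6.10 or later) but leaves the syntax to an external URL, while the setkey.conf listing it follows (the hunk context shows a "spdadd ... -P in ipsec esp/tunnel/..." entry) is left unchanged. Consider showing the matching fwd entries next to the existing ones in that listing, or a short example inside the caution, so the page stays usable if the ipsec-howto.org link goes away. The caution would also read better split into two sentences, one for the ipsec-tools version and one for the fwd rules.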


@ -21,11 +21,15 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-12-27</pubdate> <pubdate>2005-01-29</pubdate>
<copyright> <copyright>
<year>2003</year> <year>2003</year>
<year>2004</year>
<year>2005</year>
<holder>Simon Mater</holder> <holder>Simon Mater</holder>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
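Review bot: The new pubdate in this file is 2005-01-29, but the commit is dated 2005-02-06 and the first file in the same commit was stamped 2005-02-06. If the wording changes further down were made with this commit, the pubdate should match; otherwise please confirm that 2005-01-29 is intended.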
@ -362,8 +366,8 @@ persist-key
verb 3</programlisting> verb 3</programlisting>
</blockquote> </blockquote>
<para>If you want multiple remote clients to be able to communicate with <para>If you want multiple remote clients to be able to communicate openly
each other then you must:</para> with each other then you must:</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
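Review bot: "communicate openly" in the reworded sentence is ambiguous in a VPN document, since "openly" can be read as "unencrypted". The intent, judging by the paragraph added in the next hunk ("selectively allow communication between the clients"), is unrestricted client-to-client traffic, so "communicate with each other without restriction" would say that directly.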
@ -377,5 +381,10 @@ verb 3</programlisting>
url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>.</para> url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>If you want to selectively allow communication between the clients,
then see <ulink
url="http://www.iut-lannion.fr/ZONZON/memos_index.php?part=Network&amp;section=WRTMemo&amp;subsec=vpnwithshorewall">this
article</ulink> by Marc Zonzon</para>
</section> </section>
</article> </article>
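Review bot: The added paragraph ends without a period after "Marc Zonzon", and the link text "this article" says nothing about the target. Suggest naming the article in the link text and adding one sentence on what selective filtering between clients involves, because the whole instruction currently lives behind a third-party URL with a long query string that may not stay valid.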


@ -124,10 +124,9 @@
<para>The firewall system itself runs a DHCP server that serves the local <para>The firewall system itself runs a DHCP server that serves the local
network.</para> network.</para>
<para>I have one system (Roadwarrior, 206.124.146.179) outside the <para>I have one system (Remote, 206.124.146.179) outside the firewall.
firewall. This system, which runs Debian Sarge (testing) is used for This system, which runs Debian Sarge (testing) is used for roadwarrior VPN
roadwarrior VPN testing and for checking my firewall "from the testing and for checking my firewall "from the outside".</para>
outside".</para>
<para>All administration and publishing is done using ssh/scp. I have a <para>All administration and publishing is done using ssh/scp. I have a
desktop environment installed on the firewall but I am not usually logged desktop environment installed on the firewall but I am not usually logged
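Review bot: The host label changes from "Roadwarrior" to "Remote" in this paragraph, so any other reference to that system in the file (rules, diagrams, later prose) needs the same rename; none is visible in this hunk, so please check. While the sentence is being rewrapped, "which runs Debian Sarge (testing) is used" is missing the closing comma after "(testing)".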