From 8066bd076c0d186d65cbb97a1ddfd2f3fca2339e Mon Sep 17 00:00:00 2001 From: mhnoyes Date: Thu, 25 Dec 2003 16:21:52 +0000 Subject: [PATCH] DocBook XML conversion git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@949 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/VPN.xml | 122 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 Shorewall-docs/VPN.xml diff --git a/Shorewall-docs/VPN.xml b/Shorewall-docs/VPN.xml new file mode 100644 index 000000000..3eea61062 --- /dev/null +++ b/Shorewall-docs/VPN.xml @@ -0,0 +1,122 @@ + + +
+ + VPN + + + + Tom + + Eastep + + + + 2002-12-21 + + + 2002 + + Thomas M. Eastep + + + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, Version + 1.2 or any later version published by the Free Software Foundation; with + no Invariant Sections, with no Front-Cover, and with no Back-Cover + Texts. A copy of the license is included in the section entitled + GNU Free Documentation License. + + + +
+ Virtual Private Networking (VPN) + + It is often the case that a system behind the firewall needs to be + able to access a remote network through Virtual Private Networking (VPN). + The two most common means for doing this are IPSEC and PPTP. The basic + setup is shown in the following diagram: + + + + A system with an RFC 1918 address needs to access a remote network + through a remote gateway. For this example, we will assume that the local + system has IP address 192.168.1.12 and that the remote gateway has IP + address 192.0.2.224. + + If PPTP is being used, there are no firewall requirements beyond the + default loc->net ACCEPT policy. There is one restriction however: Only + one local system at a time can be connected to a single remote gateway + unless you patch your kernel from the 'Patch-o-matic' patches + available at http://www.netfilter.org. + + If IPSEC is being used then only one system may connect to the + remote gateway and there are firewall configuration requirements as + follows: + + + /etc/shorewall/rules + + + + + ACTION + + SOURCE + + DESTINATION + + PROTOCOL + + PORT + + CLIENT PORT + + ORIGINAL DEST + + + + + + DNAT + + net:192.0.2.224 + + loc:192.168.1.12 + + 50 + + + + + + + + + + DNAT + + net:192.0.2.224 + + loc:192.168.1.12 + + udp + + 500 + + + + + + + +
+ + If you want to be able to give access to all of your local systems + to the remote network, you should consider running a VPN client on your + firewall. As starting points, see http://www.shorewall.net/Documentation.htm#Tunnels + or http://www.shorewall.net/PPTP.htm. +
+
\ No newline at end of file
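Review bot: the two DNAT rows in the /etc/shorewall/rules table give no explanation of their values, so a reader can mistake the "50" in the PROTOCOL column for a port; add a sentence stating that 50 is the IP protocol number for ESP (which is why the PORT cell of that row is empty) and that udp 500 is IKE, and that both rows deliberately restrict SOURCE to the single remote gateway net:192.0.2.224 so that only that peer's IPSEC traffic is forwarded to loc:192.168.1.12. Also, the legal notice says a copy of the license "is included in the section entitled GNU Free Documentation License", but this file contains no such section; either append it or change the wording to point at wherever the license text actually lives in the converted documentation set. Finally, the text refers to "the following diagram", so make sure the referenced graphic is part of the same conversion, since nothing in this file carries it.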