You must enforce this policy via firewall rules using either ipchains or
iptables that block all non-IPsec traffic.
Regards
Andreas
"Xu, Jia" wrote:
>
> Hi,
>
> Another question again.
>
> I want to make a road warrior gateway which can block all non-IPSec traffic. That is, all road warriors should connect to this gateway via an IPSec connection. Other connections, including regular IP traffic without IPSec protection, will not be permitted.
>
> I installed FreeS/WAN + Linux on the gateway. The authentication mechanism I used is X.509 certificates. Then how can I configure the ipsec.conf to implement my plan besides the following configuration?
>
> conn %default
>     keyingtries=1
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     left=%defaultroute
>     leftcert=mycerts/my.cer
>     auto=add
>     pfs=no
>
> conn rw
>     right=%any
>
> Thanks,
> Xu, Jia
> --------
> xujia_at_is.ac.cn
> office: 10-68154758-63
> fax:10-68213046
> mobile: 135-01003640
> State Key Lab of Information Security
> Chinese Academy of Sciences
> Yuquan Road 19A, Beijing, 100039
> P.R.China
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen                   e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur    home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)  phone:  +41 76 340 25 56
===============================================================[ZHW]==
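Added example, not part of the messages above: one way to express the firewall policy the reply calls for, as a shell function that prints an iptables ruleset for review before it is applied. The function name `ipsec_only_rules` is hypothetical, and the interface names are assumptions: `eth0` as the public interface and `ipsec0` as the FreeS/WAN (KLIPS) virtual interface on which decrypted traffic appears.

```shell
#!/bin/sh
# Added example: print an iptables policy for an IPsec-only gateway.
# Assumed names: eth0 = public interface, ipsec0 = KLIPS virtual interface.
# The OUTPUT chain is left untouched so the gateway can still send IKE and ESP.

ipsec_only_rules() {
    ext_if="${1:-eth0}"
    ipsec_if="${2:-ipsec0}"

    # Reject interface names that could smuggle extra shell or iptables syntax.
    for ifname in "$ext_if" "$ipsec_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.+-]*)
                echo "invalid interface name: $ifname" >&2
                return 1 ;;
        esac
    done

    # Default-deny first, then open only what IPsec itself needs:
    #   UDP port 500  = IKE key exchange (Pluto)
    #   protocol 50   = ESP, the encrypted tunnel packets
    # Cleartext arriving on the public interface matches neither rule and
    # falls through to the DROP policy. Traffic on the ipsec interface has
    # already been authenticated and decrypted (or will be encrypted on exit).
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
iptables -F FORWARD
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $ext_if -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $ext_if -p 50 -j ACCEPT
iptables -A INPUT -i $ipsec_if -j ACCEPT
iptables -A FORWARD -i $ipsec_if -j ACCEPT
iptables -A FORWARD -o $ipsec_if -j ACCEPT
EOF
}

# Review the output, then apply as root from the console:
#   ipsec_only_rules eth0 ipsec0 | sh
```

Applying the ruleset over an unencrypted remote session on the public interface will cut that session off, since only IKE and ESP are accepted there.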
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:06 CEST