On Tue, Jun 25, 2002 at 11:33:19AM +0200, pierre was heard to remark:
> Hello,
> Is it normal that in the following case the non IPSec peer can access
> the protected subnet ? (without using a firewall on the VPN Gateway, of
> course!)
>
> IPSec peer ---------+
>                     +---- VPN Gateway (FreeSWAN+X509 certificates) ----- protected subnet
> non IPSec peer -----+
>
> I was thinking that only the IPSec peer would access the protected
> subnet and the others would be rejected since not authenticated.
> However, it seems that clear connections to the protected subnet are
> still possible. Is it really like that when there is not a firewall ?
Yes.
The VPN gateway passes all traffic. It acts as a tunnel between
the two gateways, it does *not* do packet filtering or otherwise
try to control what kind of traffic flows through the tunnel.
--linas
-- pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org> PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933
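
Added example, not part of the original thread and not FreeS/WAN's own code: a forwarding policy for the gateway that lets only packets decrypted by the tunnel reach the protected subnet and drops cleartext ones. The subnet 192.168.10.0/24, the inside interface eth1 and the use of iptables are assumptions; ipsec0 is the virtual interface on which FreeS/WAN (KLIPS) delivers decrypted packets.

```shell
#!/bin/sh
# Added example: restrict forwarding on a FreeS/WAN gateway so the protected
# subnet is reachable only through the IPsec tunnel.
# Assumed values (constructed, not from the thread):
PROTECTED_NET="${PROTECTED_NET:-192.168.10.0/24}"  # protected subnet
INSIDE_IF="${INSIDE_IF:-eth1}"                     # interface facing that subnet
IPSEC_IF="${IPSEC_IF:-ipsec0}"                     # KLIPS interface (decrypted traffic)
# Dry run by default: the rules are printed, not applied.
# Run with IPT=iptables as root on the gateway to apply them.
IPT="${IPT:-echo iptables}"

gateway_forward_policy() {
    # The gateway is a plain router for anything it forwards, so start from
    # default-deny and flush whatever FORWARD rules were there before.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Packets that arrived through the tunnel (authenticated and decrypted
    # by IPsec) may go to the protected subnet.
    $IPT -A FORWARD -i "$IPSEC_IF" -o "$INSIDE_IF" -d "$PROTECTED_NET" -j ACCEPT

    # Traffic from the protected subnet may leave only through the tunnel.
    $IPT -A FORWARD -i "$INSIDE_IF" -o "$IPSEC_IF" -s "$PROTECTED_NET" -j ACCEPT

    # Anything else addressed to the protected subnet is cleartext from a
    # non-IPsec peer: log it, then drop it explicitly.
    $IPT -A FORWARD -d "$PROTECTED_NET" -j LOG --log-prefix "cleartext-to-protected: "
    $IPT -A FORWARD -d "$PROTECTED_NET" -j DROP
}

# The INPUT chain is left untouched, so IKE and ESP still reach the gateway.
gateway_forward_policy
```
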