Re: [Users] [Users]Freeswan+Virtual IP´s

From: Jason A. Pattie (pattieja_at_pcxperience.com)
Date: Wed Oct 23 2002 - 16:56:51 CEST

• Next message: Richard Guy Briggs: "[Users] Re: [Bugs] remote DoS, question"
• Previous message: John A. Sullivan III: "Re: [Users] Problem with NAT Traversal"
• In reply to: Berlinger Patrick: "[Users] [Users]Freeswan+Virtual IP´s"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On a similar subject, is there some way to get the same functionality
from FreeS/WAN for Virtual IP address assignment (for use with
proxy_arp, etc.) that SSHSentinel has?

Berlinger Patrick wrote:
> Helo,
>
> My VPN-GW in not the normalGW for the target-machines.
> So I can Ping the Machines, but the Pong will be routet over the
> Standard-GW of the machine.
>
> I think with virtual IP´s I could solve the Problem.
> But how to?

A couple of ways. You can choose to employ DHCP-over-IPSec or manually
assign a Virtual IP address to the SSHSentinel connection. Obviously,
manual assignment will be the simplest way for testing purposes (and
possibly for deployment) but not the most flexible.

All you have to do to assign a Virtual IP address to a connection is to
go into the Properties of the SSHSentinel VPN connection and check the
option for IP assignment. There is a button in that section that will
let you setup more options. Click on it. It will take you to a screen
that will allow you to select from four different ways to assign the
tunnel a Virtual IP address (DHCP, IKE, something else, and Manual IP
assignment). Select Manual assignment and enter an IP address in the
range of your internal subnet. Make sure that it will not conflict with
any other IP's currently in your internal subnet.

On your security gateway running FreeS/WAN, echo 1 to proxy_arp on the
internal interface, the one that has the IP addresses you are trying to
get to (i.e., in the range that you manually assigned to your VPN
connection). Say eth0 is your internal network interface. You would
enable proxy ARP on this interface as follows:

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

It's that simple.

>
> I Use: Freeswan 1.98, SSH-Sentinel
>
>
> Mit freundlichen Grüssen / with kind regards
> -------------------------------
> Patrick Berlinger
> Technical Services
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.

- --
Jason A. Pattie
pattieja_at_pcxperience.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9triyuYsUrHkpYtARAsN/AJ40WSpJimcqkFksBOyeWxxe43qssQCfb1Bo
G4+UlSG/fcLgNIn7QX4eWjk=
=S5gD
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Richard Guy Briggs: "[Users] Re: [Bugs] remote DoS, question"
• Previous message: John A. Sullivan III: "Re: [Users] Problem with NAT Traversal"
• In reply to: Berlinger Patrick: "[Users] [Users]Freeswan+Virtual IP´s"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Nov 16 2002 - 05:20:41 CET