From: Sam Sgro (sam_at_freeswan.org)
Date: Sun Dec 29 2002 - 05:16:10 CET
On Sat, 28 Dec 2002, David Frascone wrote:
> I'm trying to secure my wireless portion of my network. Since WEP is
> broken, I'm trying to set up ipsec tunnels from my wireless devices to my
> router (linux w/ freeswan)
>
> So, it looks kinda like this:
>
>    +------------+
>    |   Router   +10.0.0.1--------------------10.0.0.0/24-----WIRELESS NODES
>    +-----+------+
>          |
>          |
>    Wired Network
>
>
> So, my problem is, I can't seem to get the connection established. If I
> move a wireless node to the 'net, and outside of the internal network, I can
> use a normal road-warrior config w/o problems.
>
> But, going internally, the default route gets confused (since it's the same
> as the router), and if I omit it, it just doesn't work. Can freeswan be
> used on a single segment?

To secure the internal network, you will need to create an ipsec interface on
the internal interface (i.e. 10.0.0.1). You'll do this by modifying the
"interfaces=" line in ipsec.conf - see its man page for more info.

The downside to this is that you won't be able to use %defaultroute in your
configs any longer. This may be a problem if you have a dynamically assigned
public IP address.

--
Sam Sgro
sam_at_freeswan.org
This archive was generated by hypermail 2.1.5 : Mon Dec 30 2002 - 05:21:12 CET
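
The change described in the reply above, shown as an added ipsec.conf sketch that is not part of the original message or the FreeS/WAN distribution. The interface names (eth0 public, eth1 wireless-facing), the connection name, the wireless node address 10.0.0.50 and the use of a preshared secret are assumptions for illustration.

```conf
# /etc/ipsec.conf (FreeS/WAN) - constructed example

config setup
	# Before: only the interface holding the default route gets an
	# ipsec device, so the 10.0.0.1 side is never IPsec-processed.
	#interfaces=%defaultroute

	# After: bind ipsec devices explicitly. eth0 (public) and eth1
	# (10.0.0.1, wireless segment) are assumed names; substitute the
	# real ones from "ifconfig".
	interfaces="ipsec0=eth0 ipsec1=eth1"

# Connection between the router's internal address and one wireless node.
conn wireless-node
	# %defaultroute is no longer available once interfaces= is set
	# explicitly, so the router's address is written out.
	left=10.0.0.1
	# Constructed address for a wireless node on 10.0.0.0/24.
	right=10.0.0.50
	# Assumes a matching entry for both addresses in /etc/ipsec.secrets.
	authby=secret
	auto=add
```

Existing road-warrior connections that relied on `left=%defaultroute` need the public address written out in the same way, which is the drawback the reply mentions for dynamically assigned addresses.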