[ previous ] [ next ] [ threads ]
 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Weird setup
 Date:  Wed, 15 Aug 2007 12:14:36 -0500
The IPSec traffic is encrypted, IPCop sitting outside of the encryption 
tunnel will not do the caching that you need since it won't be able to 
see what is going on inside the tunnel. Don't know IPCop that well, not 
sure if you could bridge some encryption between them, sounds like that 
would open up a can and a half of worms.

Michael

Mike wrote:
> I happily run m0n0 boxes in a multiple site to site VPN. However, at 
> one site, the need now has arisen to implement a form of transparent 
> proxy for caching purposes, net filtering, and a few other features 
> that m0n0 will not handle. The simple answer is to swap in a pfsense 
> box, but this is far from simple. It is a matter of caching windows 
> updates, antivirus updates, etc. IPcop was the best candidate.
> Here is the issue, and I want to consult the forum before I dive into 
> it. I want to install the IPcop unit inline with the WAN before the 
> m0n0, and have it as a transparent proxy. Internally, there are three 
> separate LANs, so I would need three internally, or one external. That 
> choice was easy.
> How, if at all, would I go about configuring this? Essentially IPcop 
> does not need to act as a firewall, it has to pass the IPsec traffic 
> through to the m0n0 box. It only needs to act as a proxy. Should I 
> just ditch the m0n0 in favor of IPcop? Hate to do it.
> Hopefully someone has dealt with something similar.
>
> Mike
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>