 From:  "Jewell, Michael" <mjewell at law dot umaryland dot edu>
 To:  "Michael Brown" <knightmb at knightmb dot dyndns dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Weird setup
 Date:  Wed, 15 Aug 2007 23:41:34 -0400
Unless you ran split tunnel mode, causing only traffic pointing to the other side of the VPN to use
the IPsec and the rest of the traffic to use the "dsl".
 
-Mike

________________________________

From: Michael Brown [mailto:knightmb at knightmb dot dyndns dot org]
Sent: Wed 8/15/2007 1:14 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Weird setup



The IPSec traffic is encrypted; IPCop sitting outside of the encryption
tunnel will not do the caching that you need since it won't be able to
see what is going on inside the tunnel. Don't know IPCop that well, not
sure if you could bridge some encryption between them, sounds like that
would open up a can and a half of worms.

Michael

Mike wrote:
> I happily run m0n0 boxes in a multiple site to site VPN. However, at
> one site, the need now has arisen to implement a form of transparent
> proxy for caching purposes, net filtering, and a few other features
> that m0n0 will not handle. The simple answer is to swap in a pfsense
> box, but this is far from simple. It is a matter of caching Windows
> updates, antivirus updates, etc. IPcop was the best candidate.
> Here is the issue, and I want to consult the forum before I dive into
> it. I want to install the IPcop unit inline with the WAN before the
> m0n0, and have it as a transparent proxy. Internally, there are three
> separate LANs, so I would need three internally, or one external. That
> choice was easy.
> How, if at all, would I go about configuring this? Essentially IPcop
> does not need to act as a firewall, it has to pass the IPsec traffic
> through to the m0n0 box. It only needs to act as a proxy. Should I
> just ditch the m0n0 in favor of IPcop? Hate to do it.
> Hopefully someone has dealt with something similar.
>
> Mike
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
