Yeah it seems like there is very little info out there.. kinda weird how little is out there given how often ipsec is used.

The /other/ way around is the problem I think and nothing can be done about it. My goals are to tunnel ALL internet traffic from the m0n0wall to exit the centos server.

Thanks for the link, I will look over later tonight.

-J

On Fri, Jul 2, 2010 at 9:24 AM, Simon Baker <simonb at kaizo dot org> wrote:

> On 02/07/2010 02:59, Jimmy Bones (Mhottie) wrote:
>
>> Hey guys, here is my scenario;
>>
>> m0n0wall is behind a NAT box that we have no access to (so it receives a
>> private IP on the WAN interface 10.10.20.xxx)
>>
>> The centOS server is on a public static IP behind no firewall other than
>> its own (iptables running on the server).
>>
>> I want to create a persistent ipsec tunnel; server<-> m0n0wall .
>>
>> I have spent hours reading, trying etc. I've got a huge headache is about
>> all to show for it and most likely screwed my centos config pretty well.
>>
>> Either way, can someone help out? Is this even possible? The public IP of
>> the router m0n0wall is behind is static, but m0n0 can only get a private
>> NAT'd ip.
>>
>> ipsec.conf examples for the centos box?
>>
> Heya!
>
> Glad I'm not the only one who had issues with IPSec.
>
> Not sure if this is what you're after (as you're trying to do things the
> /other/ way round), but it may help...
>
> https://azuma.kaizo.org/simonb/monowall_openswan.html
>
> Let me know if it does help, or if there's anything you feel needs
> clarifying!
>
> Regards,
>
> Simon.