 
 From:  "Jan Walzer" <j dot walzer at itcampus dot de>
 To:  m0n0 <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSec, Roadwarrior...
 Date:  Tue, 29 Jun 2004 14:58:45 +0200
Hello, it's me again ...

I still have some questions left, concerning IPSec for Roadwarriors.
Our setup will be something like the following:


                      :           Provider Uplink    -----___
     inner Network    :                                      V
                      :
  +----------------+  :   +-----------------------------------------+
  | 192.168.0.0/16 |  :   |                 m0n0                    |
  | 172.16.x.0/24  |------| 172.16.0.1  217.5.4.12/28   10.0.0.0/30 |
  +----------------+  :   +-----------------------------------------+
      ^-._            :                       |                  |
          \           :              +-----------------+    Transfer-
          |           :              | Routed-Net from |     network
          |           :              |     Provider    |    ____|_____
          |           :              |                 |   [ Provider ]
          |                          |       DMZ       |        |
          |                          +-----------------+        |
    Several Network ranges                              _--.-.-.'-.-_
    With several m0n0walls                             {   Internet  }
                                                        '--.--.--.--'
                                                           |
                                              +--------------+
                                              |  Roadwarrior |
                                              | with dynamic |
                                              |       IP     |
                                              +--------------+

Now, the SSH-Sentinel works with the m0n0, and I can create
IPSec-Links to the m0n0.

But: What do I need for Linux (Kernel 2.6.x) to connect? I want
to have access to the inner networks as well as to the DMZ, as
if I were in the inner Network itself.

What software do I need on the Client?
isakmpd?
racoon?
ipsec-tools?

How do I configure that stuff?
Do I need tunnel or transport mode for that?

I find IPSec quite hard to set up and would prefer using
OpenVPN, but it seems M0n0 isn't ready for that, yet ...

Nonetheless, good work, guys ...



-- 
itCampus Software und Systemhaus GmbH
Leipzig Halle Wittenberg


06108 Halle

Tel:   +49.345.27980151
Fax:   +49.345.27980130

Email: j dot walzer at itcampus dot de
Web:   http://www.itcampus.de


Prokurist Tobias Schmidt
Amtsgericht Leipzig HRB 1587