Re: VPN question



On Thu, 1 Feb 2001, Dean Carey wrote:

> I am perhaps stupidly stuck at the moment!  I have created a successful
> VPN tunnel to my OBSD firewall and want to access an FTP server on the
> internal LAN (or mail server for that matter).  However I cannot unless I
> change my rules to ipf.open to test the problem.  Any advice on what I am
> missing in my rule base to permit VPN traffic to act as if it was on the
> internal LAN?

All IPSEC traffic (unless you're playing with some of the more funky
features) travels via the 'enc0' interface.

So, if you're happy that your IPSEC config/policy doesn't expose you to
IPSEC traffic sourced from nasty people, then you can just "pass in on
enc0" and "pass out on enc0" (depending of course on how your ruleset is
laid out).

Also, if you "ifconfig enc0 up", then you can "tcpdump -i enc0" to see
what is going on.

Hope this helps.

Adrian Close					email: 	adrian@esec.com.au
Network Architect	  			phone:	+61 3 8371 5300
eSec Limited					fax:	+61 3 8371 5399
"Protecting your e-business..."			web:	http://www.esec.com.au
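
A narrower alternative to the blanket "pass in on enc0" suggested in the reply, as an added example that is not part of the original message. The addresses (remote VPN network 10.0.2.0/24, internal FTP server 192.168.1.10, internal mail server 192.168.1.25) are constructed placeholders, and the rules assume an ipf ruleset that uses "quick" so the first match wins.

```conf
# ipf rules for decapsulated IPsec traffic arriving on enc0.
# All addresses below are constructed placeholders; substitute your own.

# FTP control connection from the remote VPN network to the internal FTP server
pass in quick on enc0 proto tcp from 10.0.2.0/24 to 192.168.1.10/32 port = 21 flags S keep state

# SMTP from the remote VPN network to the internal mail server
pass in quick on enc0 proto tcp from 10.0.2.0/24 to 192.168.1.25/32 port = 25 flags S keep state

# Anything else that comes out of the tunnel is logged and dropped,
# so a peer with a valid tunnel still only reaches the two services above.
block in log quick on enc0 all

# Replies to the connections admitted above are matched by the state
# entries created by "keep state", so no separate "pass out" rule is
# needed for them.
```

FTP data connections use ports other than 21 and need their own rules. Running "tcpdump -i enc0" as described in the reply, while testing, shows which packets the final block rule is catching.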