Shorewall Version 1.0.2

IPSec Tunneling


IPSec Gateway on the Firewall System

Suppose that we have the following situation:

We want systems in the 192.168.1.0/24 sub-network to be able to communicate with systems in the 10.0.0.0/8 network.

In /etc/shorewall/tunnels on system A, we need the following entry:

TYPE ZONE GATEWAY
ipsec net 134.28.54.2

In /etc/shorewall/tunnels on system B, we would have:

TYPE ZONE GATEWAY
ipsec net 134.28.54.2

At both systems, ipsec0 would be included in /etc/shorewall/interfaces as a "gw" interface:

ZONE INTERFACE BROADCAST OPTIONS
gw ipsec0

Once you have these entries in place, restart Shorewall (type shorewall restart); you are now ready to configure the tunnel in FreeS/WAN.


Mobile System (Road Warrior)

Suppose that you have a laptop system (B) that you take with you when you travel and you want to be able to establish a secure connection back to your local network.

In this instance, the mobile system (B) has IP address 134.28.54.2, but that address cannot be determined in advance. In the /etc/shorewall/tunnels file on system A, the following entry should be made:

TYPE ZONE GATEWAY
ipsec net 0.0.0.0/0
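As an added check (example code written for this page, not part of Shorewall or FreeS/WAN), the following Python parses the tunnels and interfaces entries described above and flags what a reviewer would look for: ipsec0 missing from the interfaces file, a gateway that is not an address or CIDR block, and the road-warrior 0.0.0.0/0 gateway, which accepts tunnel negotiation from any source address. The file contents are constructed samples.

```python
import ipaddress

# Constructed samples of the two files discussed above (not from a real system).
TUNNELS_A = """\
#TYPE   ZONE    GATEWAY
ipsec   net     134.28.54.2
"""
TUNNELS_ROADWARRIOR = """\
ipsec   net     0.0.0.0/0
"""
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
gw      ipsec0
"""


def parse_columns(text):
    """Yield the whitespace-separated columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def check_tunnels(tunnels_text, interfaces_text):
    """Return a list of (severity, message) findings for ipsec tunnel entries.

    'error' means the entry cannot work as the page describes;
    'warning' is a caveat worth confirming against the FreeS/WAN setup.
    """
    findings = []
    ifaces = {cols[1] for cols in parse_columns(interfaces_text) if len(cols) >= 2}
    if "ipsec0" not in ifaces:
        findings.append(("error", "ipsec0 is not listed in the interfaces file, so tunnel traffic has no zone"))
    for cols in parse_columns(tunnels_text):
        if len(cols) < 3:
            findings.append(("error", "malformed tunnels entry: " + " ".join(cols)))
            continue
        ttype, zone, gateway = cols[:3]
        if ttype != "ipsec":
            continue  # only the ipsec tunnel type is covered here
        try:
            net = ipaddress.ip_network(gateway, strict=False)
        except ValueError:
            findings.append(("error", "gateway %r is not an IP address or CIDR block" % gateway))
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0: the road-warrior case
            findings.append(("warning", "zone %s: gateway %s admits IPsec peers from any address; "
                             "peer identity then rests entirely on IKE authentication" % (zone, gateway)))
    return findings
```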

Last updated 2/22/2001 - Tom Eastep