[CentOS] Still VPN

Maciej Żenczykowski maze at cela.pl
Fri May 27 11:50:52 UTC 2005


Can you verify that indeed the "ip addr" command shows no virtual 
interfaces?

Cheers,
MaZe

On Fri, 27 May 2005, Simone wrote:

> Hi, still trying to understand one thing. I would definitely like to tell 
> iptables to accept all packets coming from remote vpn only if they hit the 
> $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like 
> ipsec0 device doesn't exist or it is not recognized. I read on the Openswan 
> users list that Linux kernel 2.6 native ipsec doesn't create ipsec* interfaces 
> (if I am not wrong this is something backported on kernel 2.4 RHEL3), it just 
> adds a route to remote network through eth0, so if I want to ssh the vpn 
> server on its internal ip from the other side of the vpn I need
>
> $IPTABLES -A INPUT -i *$EXTIF* -s $MYEXTNETWORK -d $INTIP -p tcp -m tcp 
> --dport 22 -j ACCEPT
>
> and this is true for any other rule I would use ipsec0 in, I have to use 
> $EXTIF.
>
> Even if I am going to set sshd to listen on a different port, I am a little 
> worried this could harm my machine in any way.
>
> Comments are welcome
>
> Have a nice day
> Simone


