Darrick,

Thanks for the reply. The reason I need the info is that one of the end points 
uses a Verizon DSL pipe where the WAN address that they give us is a 
non-routable IP. I have been able to manage this box remotely by configuring 
the Verizon virtual firewall GUI to port forward TCP 443 & 22 to the WAN i/f of 
the astlinux box. I would like to set up an IPsec tunnel between this box and 
another astlinux box (which has a routable WAN IP), but I need to configure the 
port forwarding for this to work with Verizon's DSL. After some Google searches 
it looks like I want UDP 500 and TCP 1723. Is this correct?

I am aware of the requirement of static IPs for both endpoints. At the moment, 
our ISPs are providing dynamic addressing on both ends, but I'm happy to hard 
code the addresses that we have at the moment just for testing purposes.

Enjoy your vacation!

-----Original Message-----
From: Darrick Hartman [mailto:dhart...@djhsolutions.com] 
Sent: Sunday, October 18, 2009 8:21 PM
To: AstLinux Users Mailing List
Subject: Re: [Astlinux-users] IPsec VPN

Tom,

The code that's in the 0.7 branch will automatically enable the 
appropriate firewall plugin.  For IPsec to currently work, you'll need 
to have a static IP address (so this won't work on a residential 
connection if your IP address changes frequently).  In the future we may 
support 'road-warrior' options.

I'm on vacation this week.  There are a few things we need to clean up 
yet in the 0.7 branch before we're ready for a beta.  The base works 
great.  If you build from the devel environment, you can safely take 
what's in 0.7 and create a working image.  You'll need to disable a few 
of the default packages to get a small enough image at this point.

Darrick

Tom Mazzotta wrote:
> When the astlinux box is behind a NAT, what ports/protocol do I need to 
> forward to the box for IPsec to work with another astlinux box on the 
> Internet?

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

