> I just want to ftp from my office to my web server through IPSEC.
>
> My_W2K--------LRP-----I-N-T-E-R-N-E-T-------LRP-----WebServer
>
> My machine and Webserver keep preshared-key. How can I config
> LRP to enable my machine to talk in IPSEC with webserver. (I don't
> want tunneling mode just encryption data.)
>
> I already try for
>
> EXTERN="0/0 500 0/0"
> DMZ_OPEN_DEST="udp_${webserver}_500"
>
You need to allow UDP port 500, and protocol 50 traffic through your
firewall. In addition, you will need to load the ip_masq_ipsec.o module
if your firewalls are masquerading rather than simply routing.

To poke the holes in the firewall rules, use the following:

EXTERN_UDP_PORTS="0/0_500"
EXTERN_PROTO0="50 0/0"

You can replace the 0/0 (the whole internet) with the IP address of the
remote end, if it's static.

You may also have to port-forward inbound traffic on one (or both) ends
of the link, depending on how you plan to operate your connection. See
the VPN Masquerade HOWTO for details.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
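
Added example, not part of the original message or of LRP itself: a small shell check that a firewall config fragment opens both holes named in the reply (UDP port 500 and protocol 50) and reports whether each is still open to sources other than the remote end. The function names, the peer address and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Value formats follow the reply: EXTERN_UDP_PORTS entries are "<source>_<port>",
# EXTERN_PROTO0 is "<protocol> <source>".
# Assumption: numbered siblings (EXTERN_PROTO1, ...) use the same format.

# src_for_ike FILE: print the source of every udp/500 entry, one per line.
src_for_ike() {
    sed -n 's/^[[:space:]]*EXTERN_UDP_PORTS="\(.*\)".*/\1/p' "$1" |
        tr ' ' '\n' | sed -n 's/^\(.*\)_500$/\1/p'
}

# src_for_esp FILE: print the source of every protocol-50 entry.
src_for_esp() {
    sed -n 's/^[[:space:]]*EXTERN_PROTO[0-9]*="50[[:space:]]\{1,\}\([^"]*\)".*/\1/p' "$1"
}

# judge LABEL PEER SOURCES: 0 = peer only, 1 = no hole, 2 = wider than peer.
judge() {
    label=$1 peer=$2 sources=$3
    if [ -z "$sources" ]; then
        echo "$label: not allowed through the firewall"; return 1
    fi
    for s in $sources; do
        case $s in
            "$peer"|"$peer/32") ;;
            *) echo "$label: open to $s, wider than peer $peer"; return 2 ;;
        esac
    done
    echo "$label: open to peer $peer only"
}

# check_ipsec_holes FILE PEER: combined status, a missing hole (1) wins over 2.
check_ipsec_holes() {
    ike=0; esp=0
    judge "IKE udp/500" "$2" "$(src_for_ike "$1")" || ike=$?
    judge "ESP proto 50" "$2" "$(src_for_esp "$1")" || esp=$?
    if [ "$ike" -eq 1 ] || [ "$esp" -eq 1 ]; then return 1; fi
    if [ "$ike" -eq 2 ] || [ "$esp" -eq 2 ]; then return 2; fi
    return 0
}

# Constructed sample: the two settings as given in the reply.
# 192.0.2.10 is a documentation address standing in for the remote end.
sample=$(mktemp)
cat > "$sample" <<'EOF'
EXTERN_UDP_PORTS="0/0_500"
EXTERN_PROTO0="50 0/0"
EOF
check_ipsec_holes "$sample" 192.0.2.10 || echo "status: $?"
rm -f "$sample"
```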