> 1. Do you know of any free client for Windows which works with > Free/SWAN?
The newer windows systems have IPSec built-in, although configuring them to talk to a non-microsoft IPSec implementation can be quite a challange. Most of the reports I see on the FreeS/WAN mailing list seem to indicate the SSH Sentinel client is pretty good. IIRC, there's a list of windows clients known to interoperate with FreeS/WAN in the FreeS/WAN docs... > 2. I guess that regardless which client, I have to create some forward > rule to the one you advised me below. So it would be > > IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 0/0 -b > > Correct? Well, you'll need some sort of forwarding allowed, but you probably don't want the above. It will allow the whole internet to forward packets to your private LAN! Note this isn't as big a hole as it seems, since most internet traffic is stopped in the input rule chain, but it's still not a good idea. Exactly what sort of rules you'll need for your road-warrior clients also depends on how they're setup (ie as single clients with a host <> subnet tunnel, or as a VPN Gateway with a subnet <> subnet tunnel). See the FreeS/WAN docs on possible architectures, and their extensive section on firewall rule setup. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user