On Monday 24 February 2003 11:23 am, K.-P. Kirchdörfer wrote: <snip> > e) tunnels > add the tunnels for net-net and gate-gate > ipsec net 0.0.0.0/0 vpn,vgw <snip> > Is this setup esp. shorewall changes secure or did I opened pandoras box?
Thanks for the thorough description! The tunnel description with 0.0.0.0/0 would really be the only security consideration is see. Although this _is_ the suggested method and still forces authentication (RSA in your case), IIRC Shorewall will support a DNS name in leui of ip address. Tom does not suggest using DNS names, but it may be safer IMHO if you feel it is necessary. Otherwise what you have is the typical suggestion and will work as you have noted. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html