Am Montag, 24. Februar 2003 20:15 schrieb Lynn Avants: > On Monday 24 February 2003 11:23 am, K.-P. Kirchd�rfer wrote: > <snip> > > > e) tunnels > > add the tunnels for net-net and gate-gate > > ipsec net 0.0.0.0/0 vpn,vgw > > <snip> > > > Is this setup esp. shorewall changes secure or did I opened pandoras box? > > Thanks for the thorough description! > The tunnel description with 0.0.0.0/0 would really be the only security > consideration is see. Although this _is_ the suggested method and still > forces authentication (RSA in your case), IIRC Shorewall will support > a DNS name in leui of ip address. Tom does not suggest using DNS names, > but it may be safer IMHO if you feel it is necessary. Otherwise what you > have is the typical suggestion and will work as you have noted.
I like to hear that :) Yes I know Tom's suggestion about DNS names, but I have to use them, as there is no public available fixed ip anywhere in this setup... thanks kp ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
