| Message: 4
| From: "Allan Crooks" <[EMAIL PROTECTED]>
| To: [EMAIL PROTECTED]
| Date: Thu, 13 Jun 2002 22:24:00 +0100
| Subject: [leaf-user] Using LEAF just for IPSEC?
|
| Hi,
|
| I've got a quick question about using LEAF (and any of its
| distributions).
|
| I've currently got an ADSL router, which performs NAT and
| firewalling for me. I have a machine that needs to connect to a VPN
| using IPSEC. Now, all the documents talk about the LEAF box
| using either 2 network cards or being connected to a network and a
| particular connection device.
|
| Now I want to set up a LEAF box that would act as a router, but for
| certain traffic (going to a particular IP address), it would use
| IPSEC. But I need it to forward all traffic to the router (which is the
| main gateway).
|
| So essentially, I just have one ethernet card in my proposed LEAF
| box... is this doable?
|
| Thanks,
| Allan.

I'm not sure why you would want to do this...

First problem, it looks to me like you plan to have the IPSec gateway inside your LAN, *behind* the NAT gateway. With the way FreeS/WAN works right now, you will have big problems. Simply, IPSec doesn't like traversing a NAT box.

You mention that you want certain traffic to be encrypted. This happens transparently with the LEAF box. Traffic headed to the IP or subnet it's configured for will be encrypted before dumping to the WAN port. The remaining traffic just gets dumped as per normal, without encryption.

I think you'd be better off putting the LEAF box into the position of the ADSL router. Let the LEAF box masquerade your LAN, port forward, whatever you need. Use the ADSL router as a hub if it has more than 1 port on the LAN side. Unless I'm missing some detail here, the LEAF box will do everything the router will, and more.

Brock

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
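
One reason behind the NAT problem mentioned in the reply, shown for the AH case as an added example that is not part of the original thread: AH authenticates the IP source address, so a hop that only lowers the TTL passes the integrity check while a source-NAT rewrite fails it. The sketch is simplified (the AH header's own fields are left out of the ICV input), and the key, addresses and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-key"   # constructed sample key, not from the thread

def ipv4_header(src, dst, ttl=64, payload_len=0):
    """20-byte IPv4 header, protocol 51 (AH); checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(header):
    """Zero the fields RFC 2402 treats as mutable in transit."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def ah_icv(key, header, payload):
    """HMAC-SHA-1-96 over immutable header fields plus payload (AH header omitted)."""
    return hmac.new(key, zero_mutable(header) + payload, hashlib.sha1).digest()[:12]

def verify(key, header, payload, icv):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, header, payload), icv)

def rewrite(header, src=None, ttl=None):
    """What a device on the path does: a router lowers TTL, a NAT box swaps the source."""
    h = bytearray(header)
    if src is not None:
        h[12:16] = socket.inet_aton(src)
    if ttl is not None:
        h[8] = ttl
    return bytes(h)

def demo():
    payload = b"constructed payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.5", payload_len=len(payload))
    icv = ah_icv(KEY, sent, payload)
    routed = rewrite(sent, ttl=63)              # ordinary hop
    natted = rewrite(sent, src="198.51.100.7")  # source NAT on the ADSL router
    return (verify(KEY, sent, payload, icv),
            verify(KEY, routed, payload, icv),
            verify(KEY, natted, payload, icv))

if __name__ == "__main__":
    print(demo())
```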