I have a VM which is the LAN router, and another VM in the LAN which is the 
IPsec gateway (strongSwan).

I'm not fully understanding the guide here;  
http://www.shorewall.net/IPSEC-2.6.html

- Does this still apply to kernel 4.*?  There isn't a 
[http://www.shorewall.net/IPSEC.html](http://www.shorewall.net/IPSEC-2.6.html)

- It doesn't say to set up DNAT on the router.  How does the router know where 
the ipsec gateway is?

- On the laptop, tunnels should be set as:  ipsec net 206.162.148.9 vpn.  But 
what is that IP?  The dynamic IP of the laptop, or the outside interface of the 
remote router?

- If the latter, is there a way in the laptop's tunnels to, instead of an 
explicit IP, do a DNS request, to get that remote IP?

- Wouldn't I need to set up DNAT in and SNAT out for ports 500 and 4500?

- How do I enable protocols 50 & 51?  Would that be on one or both ports?