Help on freeswan - Security

This is a discussion on Help on freeswan - Security ; I want to config freeswan on a just finished installation of a firewall (Debian / LINUX) in a way that I can access my home network from anywhere outside as I would be at home in my own net. I ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Help on freeswan

  1. Help on freeswan

    I want to config freeswan on a just finished installation of a firewall
    (Debian / LINUX) in a way that I can access my home network from anywhere
    outside as I would be at home in my own net.
    I just downloaded freeswan with its automatic installation on that firewall.
    The Firewall is simply iptables configuered with fwbuilder and works fine.

    Now I get stuck.
    All HOWTOs and google searches on freeswan haven't been really useful.

    Can somone help me howto proceed?
    Or give me a hint where I will find some help?

    Best
    Juergen

    P.S. on both sides of the firewall most stations are windows pc's.



  2. Re: Help on freeswan

    On 08.06.2006, Juergen Loewner wrote:
    > I want to config freeswan on a just finished installation of a firewall
    > (Debian / LINUX) in a way that I can access my home network from anywhere
    > outside as I would be at home in my own net.


    You really don't want FreeS/WAN. This project is *dead* since 3 years.
    There are no updates, *even* security updates.

    > I just downloaded freeswan with its automatic installation on that firewall.


    Why didn't you use packages from official repository?

    > The Firewall is simply iptables configuered with fwbuilder and works fine.
    >
    > Now I get stuck.
    > All HOWTOs and google searches on freeswan haven't been really useful.


    And you have problem with...?

    --
    Feel free to correct my English
    Stanislaw Klekot

  3. Re: Help on freeswan

    Stanislaw,
    I am new on ipsec/vpn.

    Before we discuss what problems I have (a bunch of it), lets
    talk about newer solutions:

    So what would you suggest as the best way to do the job:
    on the road access to my home network behind a linux firewall
    in a safe manner?
    Using standards.
    Guess it should be ipsec/vpn.

    Best
    Juergen

    "Stachu 'Dozzie' K." schrieb im
    Newsbeitrag news:slrne8g2ir.tvb.dozzie@hans.zsh.bash.org.pl...
    > On 08.06.2006, Juergen Loewner wrote:
    >> I want to config freeswan on a just finished installation of a firewall
    >> (Debian / LINUX) in a way that I can access my home network from anywhere
    >> outside as I would be at home in my own net.

    >
    > You really don't want FreeS/WAN. This project is *dead* since 3 years.
    > There are no updates, *even* security updates.
    >
    >> I just downloaded freeswan with its automatic installation on that
    >> firewall.

    >
    > Why didn't you use packages from official repository?
    >
    >> The Firewall is simply iptables configuered with fwbuilder and works
    >> fine.
    >>
    >> Now I get stuck.
    >> All HOWTOs and google searches on freeswan haven't been really useful.

    >
    > And you have problem with...?
    >
    > --
    > Feel free to correct my English
    > Stanislaw Klekot




  4. Re: Help on freeswan

    Juergen Loewner wrote:
    > Stanislaw,
    > I am new on ipsec/vpn.
    >
    > Before we discuss what problems I have (a bunch of it), lets
    > talk about newer solutions:
    >
    > So what would you suggest as the best way to do the job:
    > on the road access to my home network behind a linux firewall
    > in a safe manner?
    > Using standards.
    > Guess it should be ipsec/vpn.
    >
    > Best
    > Juergen


    openvpn?

    I found it very simple to set up.


    Mark Atherton

  5. Re: Help on freeswan

    Hi Mark,
    I am now for some hours reading all I found on the internet
    to this issue.
    What I have seen so far I would agree to you.

    My concern is that openvpn is not that much a standard that I would be
    able to access my home or others company WAN/LAN by the same
    protocol.

    Any experience with it (outside of YOUR LAN)?

    Any other here who could say a word to how openvpn
    fits into professional ipsec/vpn nets?

    Best
    Juergen

    "Mark Atherton" schrieb im Newsbeitrag
    news:vpoll3-s6r.ln1@hippolyta.theathertons...
    > Juergen Loewner wrote:
    >> Stanislaw,
    >> I am new on ipsec/vpn.
    >>
    >> Before we discuss what problems I have (a bunch of it), lets
    >> talk about newer solutions:
    >>
    >> So what would you suggest as the best way to do the job:
    >> on the road access to my home network behind a linux firewall
    >> in a safe manner?
    >> Using standards.
    >> Guess it should be ipsec/vpn.
    >>
    >> Best
    >> Juergen

    >
    > openvpn?
    >
    > I found it very simple to set up.
    >
    >
    > Mark Atherton




  6. Re: Help on freeswan

    Juergen Loewner wrote:
    > Hi Mark,
    > I am now for some hours reading all I found on the internet
    > to this issue.
    > What I have seen so far I would agree to you.
    >
    > My concern is that openvpn is not that much a standard that I would be
    > able to access my home or others company WAN/LAN by the same
    > protocol.


    That is my understanding too. However I've only set it up on a wireless
    LAN for additional security, so I wouldn't know for certain. From your
    original email, that is not an immediate goal - you want to set up your
    own VPN. Why not get openvpn working - should take you an hour or two -
    then play with something more complicated later?

    Mark

  7. Re: Help on freeswan

    Mark,
    > own VPN. Why not get openvpn working - should take you an hour or two -
    > then play with something more complicated later?


    Thats exactly what I am gonna do.

    Best
    Juergen



  8. Re: Help on freeswan

    On 08.06.2006, Juergen Loewner wrote:
    > Stanislaw,


    Try responding below quote. I know that Outlook can do that.

    > I am new on ipsec/vpn.
    >
    > Before we discuss what problems I have (a bunch of it), lets
    > talk about newer solutions:
    >
    > So what would you suggest as the best way to do the job:
    > on the road access to my home network behind a linux firewall
    > in a safe manner?


    If you read www.freeswan.org a bit more carefully you may notice
    Openswan project, which is actively maintained. If you go a bit further
    you may notice strongSwan, another implementation of IPsec stack. Both
    Openswan and strongSwan have similar configuration, because both of them
    grew on FreeS/WAN.

    There is also ipsec-tools project, but I don't recommend it, as it's
    quite inconvenient in configuration an can be hard to set up for new
    user.

    > Using standards.
    > Guess it should be ipsec/vpn.


    If you want to stick to IPsec, you may want to read IPsec Howto and
    appropriate chapter of LARTC. Documentation for Openswan and/or
    strongSwan is a necessity (the latter doc is IMHO better).
    Quick look at RFC 2401 can be useful, too. But nothing more than quick
    look (it's hardly digestible). And some day you may want to debug IKE
    exchange; tcpdump aided by RFC 2409 will be invaluable.

    > "Stachu 'Dozzie' K." schrieb im
    > Newsbeitrag news:slrne8g2ir.tvb.dozzie@hans.zsh.bash.org.pl...
    >> On 08.06.2006, Juergen Loewner wrote:
    >>> I want to config freeswan on a just finished installation of a firewall
    >>> (Debian / LINUX) in a way that I can access my home network from anywhere
    >>> outside as I would be at home in my own net.

    >>
    >> You really don't want FreeS/WAN. This project is *dead* since 3 years.
    >> There are no updates, *even* security updates.
    >>
    >>> I just downloaded freeswan with its automatic installation on that
    >>> firewall.

    >>
    >> Why didn't you use packages from official repository?
    >>
    >>> The Firewall is simply iptables configuered with fwbuilder and works
    >>> fine.
    >>>
    >>> Now I get stuck.
    >>> All HOWTOs and google searches on freeswan haven't been really useful.

    >>
    >> And you have problem with...?
    >>
    >> --
    >> Feel free to correct my English
    >> Stanislaw Klekot

    >
    >



    --
    Feel free to correct my English
    Stanislaw Klekot

  9. Re: Help on freeswan

    "Juergen Loewner" wrote in
    news:e68m59$acj$1@news.citykom.de:

    > I want to config freeswan on a just finished installation of a firewall
    > (Debian / LINUX) in a way that I can access my home network from
    > anywhere outside as I would be at home in my own net.
    > I just downloaded freeswan with its automatic installation on that
    > firewall. The Firewall is simply iptables configuered with fwbuilder and
    > works fine.
    >
    > Now I get stuck.
    > All HOWTOs and google searches on freeswan haven't been really useful.
    >
    > Can somone help me howto proceed?
    > Or give me a hint where I will find some help?
    >
    > Best
    > Juergen
    >
    > P.S. on both sides of the firewall most stations are windows pc's.
    >
    >


    For that sort of thing IMO, you will be better off with OpenVPN as it will
    be easier to deal with windows clients. OpenVPN follows a client/server
    model versus the FreeS/WAN/Openswan scheme which is peer to peer.

    http://openvpn.net/

    As another poster said FreeS/WAN project itself is dead. If you do decide
    you want to go down that route then use Openswan or Strongswan.

    Klazmon.

+ Reply to Thread