[vpn-help] EL6 client?

David G. Miller dave at davenjudy.org
Fri Mar 2 16:52:48 CST 2012


Kevin VPN <kvpn at ...> writes:

> 
> On 02/26/2012 12:58 AM, David G. Miller wrote:
> > Hi List -
> >
> > I'm looking into whether there is a way to get the Shrew Soft VPN client
> > working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
> > Linux or CentOS). 
SNIP
> >
> > Has anyone looked into building a statically linked version of iked (the
> > other pieces appear to work) under Fedora? Anyone succeed?
> >
> 
> Hi Dave, does this post help?
> 
> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
> 
Hi Kevin -

I had run across that particular article in my searches.  I checked 
net.ipv4.conf.all.rp_filter and it was already set to zero.  After posting my
request, above, I went back to searching plus building and installing 2.1.7 
both from the archive here and from the FC16 source rpm.  I also tried the 
2.2.0 beta but always got the same result.

Since nothing worked I came back to the article and started setting other
rp_filter values to zero.  I finally got a working solution by setting
net.ipv4.conf.eth0.rp_filter to zero.  Unfortunately, this opens a significant
security hole.  I can make attacking the vulnerability more difficult by 
setting up my firewall to only allow packets going to the VPN port from my 
VPN server.  This doesn't stop someone from forging the source IP address.

Any other suggestions would be appreciated.  The goal is to have the VPN 
client on the Internet-facing EL6 box that also serves as my router and have 
multiple boxes within my local network be able to connect to the VPN through 
a single client.

Thanks,
Dave
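
An added example, not part of the original post: per the kernel's ip-sysctl documentation, source validation on an interface uses the higher of conf.all.rp_filter and conf.<iface>.rp_filter, so an interface left at 1 stays filtered even when `all` is 0. The script reports that effective value per interface; the function names and the CONF_ROOT override are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): show the rp_filter value the
# kernel actually enforces on each interface. Per the kernel's ip-sysctl
# documentation, source validation on an interface uses the maximum of
# conf.all.rp_filter and conf.<iface>.rp_filter.
# CONF_ROOT is an assumption of this example: override it to point at a
# copy of the tree; the default is the live sysctl directory.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value for interface $1.
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Map a numeric mode to its meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off: no source validation" ;;
        1) echo "strict: reply route must use the receiving interface" ;;
        2) echo "loose: source must be reachable via any interface" ;;
        *) echo "unknown" ;;
    esac
}

# One line per real interface: configured values, effective value, meaning.
audit_rp_filter() {
    for dir in "$CONF_ROOT"/*; do
        [ -r "$dir/rp_filter" ] || continue
        iface=${dir##*/}
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        printf '%-12s all=%s iface=%s effective=%s (%s)\n' "$iface" \
            "$(cat "$CONF_ROOT/all/rp_filter")" "$(cat "$dir/rp_filter")" \
            "$eff" "$(rp_mode_name "$eff")"
    done
}

if [ -d "$CONF_ROOT" ]; then audit_rp_filter; fi
```

An interface reported as effective=0 performs no reverse-path check at all, so any source-address restrictions for it have to come from firewall rules.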