[vpn-help] EL6 client?
Kevin VPN
kvpn at live.com
Mon Mar 5 22:08:31 CST 2012
On 03/02/2012 05:52 PM, David G. Miller wrote:
> Kevin VPN<kvpn at ...> writes:
>
>>
>> On 02/26/2012 12:58 AM, David G. Miller wrote:
>>> Hi List -
>>>
>>> I'm looking into whether there is a way to get the Shrew Soft VPN client
>>> working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
>>> Linux or CentOS).
> SNIP
>>>
>>> Has anyone looked into building a statically linked version of iked (the
>>> other pieces appear to work) under Fedora? Anyone succeed?
>>>
>>
>> Hi Dave, does this post help?
>>
>> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
>>
> Hi Kevin -
>
SNIP
>
> Since nothing worked I came back to the article and started setting other
> rp_filer values to zero. I finally got a working solution by setting
> net.ipv4.conf.eth0.rp_filter to zero. Unfortunately, this opens a significant
> security hole. I can make attacking the vulnerability more difficult by
> setting up my firewall to only allow packets going to the VPN port from my
> VPN server. This doesn't stop someone from forging the source IP address.
Interesting discovery. It could be useful to someone despite the risks,
thanks for noting it.
> Any other suggestions would be appreciated. The goal is to have the VPN
> client on the Internet facing EL6 box that also serves as my router and have
> multiple boxes within my local network be able to connect to the VPN through
> a single client.
>
I don't have any suggestions for solving the issue specifically on
RHEL6, but someone was trying to do the same thing a little while ago
(one VPN client, client LAN routed through it) and it generated some
discussion. You could try reviving that thread and see what they ended
up doing:
http://lists.shrew.net/pipermail/vpn-help/2012-January/004224.html
More information about the vpn-help
mailing list