[vpn-help] EL6 client?

Kevin VPN kvpn at live.com
Mon Mar 5 22:08:31 CST 2012


On 03/02/2012 05:52 PM, David G. Miller wrote:
> Kevin VPN<kvpn at ...>  writes:
>
>>
>> On 02/26/2012 12:58 AM, David G. Miller wrote:
>>> Hi List -
>>>
>>> I'm looking into whether there is a way to get the Shrew Soft VPN client
>>> working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
>>> Linux or CentOS).
> SNIP
>>>
>>> Has anyone looked into building a statically linked version of iked (the
>>> other pieces appear to work) under Fedora? Anyone succeed?
>>>
>>
>> Hi Dave, does this post help?
>>
>> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
>>
> Hi Kevin -
>
SNIP
>
> Since nothing worked I came back to the article and started setting other
> rp_filter values to zero.  I finally got a working solution by setting
> net.ipv4.conf.eth0.rp_filter to zero.  Unfortunately, this opens a significant
> security hole.  I can make attacking the vulnerability more difficult by
> setting up my firewall to only allow packets going to the VPN port from my
> VPN server.  This doesn't stop someone from forging the source IP address.

Interesting discovery.  It could be useful to someone despite the risks, 
thanks for noting it.

> Any other suggestions would be appreciated.  The goal is to have the VPN
> client on the Internet facing EL6 box that also serves as my router and have
> multiple boxes within my local network be able to connect to the VPN through
> a single client.
>

I don't have any suggestions for solving the issue specifically on 
RHEL6, but someone was trying to do the same thing a little while ago 
(one VPN client, client LAN routed through it) and it generated some 
discussion.  You could try reviving that thread and see what they ended 
up doing:
http://lists.shrew.net/pipermail/vpn-help/2012-January/004224.html
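
An added example, not part of the original thread: a shell audit of which interfaces end up with no reverse-path source validation after a change like the `net.ipv4.conf.eth0.rp_filter` one quoted above. The kernel applies the larger of the `all` and per-interface values, so the per-interface setting alone does not tell you the effective mode. The sample sysctl lines and interface names are constructed.

```shell
#!/bin/sh
# Effective rp_filter per interface = max(conf.all, conf.<iface>).
# Modes: 0 = no source validation, 1 = strict, 2 = loose (RFC 3704).
# On a live host, feed it real data: sysctl -a 2>/dev/null | effective_rp_filter

# Constructed sample of sysctl output (interface names are assumptions).
SAMPLE='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0'

# Reads sysctl-style lines on stdin; prints "<iface> <mode> <label>" sorted.
effective_rp_filter() {
    awk -F'[ =]+' '
        /^net\.ipv4\.conf\.[^.]+\.rp_filter/ {
            split($1, p, ".")          # p[4] is the interface name
            val[p[4]] = $2 + 0
        }
        END {
            all = 0
            if ("all" in val) all = val["all"]
            for (i in val) {
                # "all" and "default" are templates, not interfaces
                if (i == "all" || i == "default") continue
                eff = val[i]
                if (all > eff) eff = all
                label = "loose"
                if (eff == 0) label = "NO-SOURCE-VALIDATION"
                if (eff == 1) label = "strict"
                print i, eff, label
            }
        }' | sort
}

# Names of non-loopback interfaces whose effective mode is 0.
unvalidated_ifaces() {
    effective_rp_filter | awk '$2 == 0 && $1 != "lo" { print $1 }'
}

printf '%s\n' "$SAMPLE" | effective_rp_filter
```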


