[vpn-help] EL6 client?
David G. Miller
dave at davenjudy.org
Tue Mar 6 11:56:03 CST 2012
Kevin VPN <kvpn at ...> writes:
>
> On 03/02/2012 05:52 PM, David G. Miller wrote:
> > Kevin VPN<kvpn at ...> writes:
> >
> >>
> >> On 02/26/2012 12:58 AM, David G. Miller wrote:
> >>> Hi List -
> >>>
> >>> I'm looking into whether there is a way to get the Shrew Soft VPN client
> >>> working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
> >>> Linux or CentOS).
> SNIP
> > I finally got a working solution by setting net.ipv4.conf.eth0.rp_filter to
> > zero. Unfortunately, this opens a significant security hole.
>
> Interesting discovery. It could be useful to someone despite the risks,
> thanks for noting it.
>
You're welcome.
> > The goal is to have the VPN client on the Internet facing EL6 box that also
> > serves as my router and have multiple boxes within my local network be able
> > to connect to the VPN through a single client.
> >
>
> I don't have any suggestions for solving the issue specifically on
> RHEL6, but someone was trying to do the same thing a little while ago
> (one VPN client, client LAN routed through it) and it generated some
> discussion. You could try reviving that thread and see what they ended
> up doing:
> http://lists.shrew.net/pipermail/vpn-help/2012-January/004224.html
>
I'm pretty sure I can solve the routing issues which is what that thread is
mainly about. I was just hoping to get a solution that didn't involve opening
any additional rp_filter settings.
Any idea why the client works fine under Fedora 16 but not under EL6? I found
out that a number of the dependent libraries changed between EL6 and FC16 by
simply trying to install the FC16 rpm on EL6. This goes back to my original
question about building a statically linked version with the FC16 libraries. Or
do the differences go deeper?
Cheers,
Dave
More information about the vpn-help
mailing list