In order to ensure that any intermediate firewall (or your IPsec gateways configured as firewalls) passes the tunnel traffic, the following rules need to be created. This assumes that you’re running iptables, but any firewall will let you establish the equivalent rules. For FreeS/WAN, we need a rule that allows UDP port 500 traffic to pass (IKE, used for the tunnel negotiation process), and one that allows ESP to pass, which is IP protocol 50 (if you also use AH, add the same rules for IP protocol 51). Note that these rules apply to the gateway’s own INPUT and OUTPUT chains; a firewall sitting between the two gateways needs the same matches in its FORWARD chain, and the target name must be written as ACCEPT, since iptables target names are case-sensitive. Configuring the rules involves setting up the following filters:
# IKE negotiation (UDP 500 in both directions)
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
# ESP (IP protocol 50) in both directions
iptables -A INPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
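The rules above accept IKE and ESP from any source. As an added example (not from the original text or from the FreeS/WAN project), the script below emits the same rule set but scopes every rule to one peer gateway address, validates that address before it is spliced into a command line, and can optionally open UDP 4500 for NAT traversal (an assumption; the original rules do not cover it). With DRY_RUN=1 it prints the iptables commands instead of running them, since applying them needs root on a Linux host.

```sh
#!/bin/sh
# Added example, not part of the original page: build the iptables rules a
# FreeS/WAN gateway needs for a single IPsec peer. Set DRY_RUN=1 to print the
# commands rather than execute them.

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    ip="$1"
    oldifs="$IFS"
    set -f                      # no pathname expansion while splitting
    IFS=.
    set -- $ip
    IFS="$oldifs"
    set +f
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;    # empty or non-numeric octet
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipsec_fw_rules PEER [natt]
#   PEER  address of the remote IPsec gateway
#   natt  literal word "natt": also open UDP 4500 (NAT traversal; assumed here,
#         not something the original rule set covers)
ipsec_fw_rules() {
    peer="$1"
    natt="${2:-}"
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }

    if [ "${DRY_RUN:-0}" = 1 ]; then
        ipt="echo iptables"     # print instead of apply
    else
        ipt="iptables"
    fi

    # IKE: UDP 500 in both directions, restricted to the peer
    $ipt -A INPUT  -p udp -s "$peer" --sport 500 --dport 500 -j ACCEPT
    $ipt -A OUTPUT -p udp -d "$peer" --sport 500 --dport 500 -j ACCEPT
    # ESP: IP protocol 50 in both directions, restricted to the peer
    $ipt -A INPUT  -p 50 -s "$peer" -j ACCEPT
    $ipt -A OUTPUT -p 50 -d "$peer" -j ACCEPT

    if [ "$natt" = natt ]; then
        # UDP-encapsulated ESP and IKE on port 4500 (NAT traversal)
        $ipt -A INPUT  -p udp -s "$peer" --dport 4500 -j ACCEPT
        $ipt -A OUTPUT -p udp -d "$peer" --dport 4500 -j ACCEPT
    fi
}

# Number of rules the dry run would emit for the given arguments; useful as a
# quick sanity check before applying them for real.
rule_count() {
    ( DRY_RUN=1; ipsec_fw_rules "$@" ) | wc -l | tr -d ' '
}
```

Run it as `DRY_RUN=1 sh -c '. ./ipsec-rules.sh; ipsec_fw_rules 203.0.113.5'` (the file name and peer address are placeholders) to review the output, then without DRY_RUN as root to apply it. Scoping the rules to the peer address matters on a gateway that is itself the firewall: without `-s`/`-d`, anyone on the Internet can reach the IKE daemon.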
Once you have your FreeS/WAN gateways set up, and firewall parameters properly configured, you’re off to the races. The design can be further extended to include multiple tunnels and roaming user configurations. To that end, FreeS/WAN is well documented and has a great mailing list where you can easily get all of your questions answered. Just be sure that you’ve consulted the documentation prior to asking, because you’re likely to be referred right back to it. Happy VPNing!