Installing and Configuring a Linux VPN Server (Part 2)

In order to ensure that any intermediate firewall (or your IPSec gateways configured as a firewall) passes traffic properly, the following rule sets need to be created. This assumes that you’re running iptables, but any firewall will allow you to establish the appropriate rules. For FreeS/WAN, we’ll need a rule that allows UDP port 500 traffic to pass (used for the tunnel negotiation process), and also allows ESP traffic to pass, which uses IP protocol 50. Configuring the rules will involve setting up the following filters:

iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A INPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
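The rules above accept IKE and ESP from any host. The script below is an added example, not part of the original article, that generates the same four rules but pins each one to a known peer gateway, so only the expected FreeS/WAN partner can reach the IKE and ESP ports; the gateway addresses and the IPTABLES path are assumptions you replace with your own values.

```shell
#!/bin/sh
# Added example (not from the original article): build iptables rules for a
# FreeS/WAN gateway that are limited to one known IPsec peer.
# Assumptions: both arguments are public IPv4 addresses (placeholders here),
# and IPTABLES points at the iptables binary on this host.

IPTABLES=${IPTABLES:-iptables}

# Minimal dotted-quad sanity check so a typo never yields a rule with "-s ".
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the rule set for one peer: IKE on UDP/500 in both directions and ESP
# (IP protocol 50) in both directions, each bound to the peer's address.
# Nothing is applied here; the caller decides whether to execute the lines.
ipsec_peer_rules() {
    local_gw=$1
    peer_gw=$2
    valid_ipv4 "$local_gw" || { echo "bad local address: $local_gw" >&2; return 1; }
    valid_ipv4 "$peer_gw"  || { echo "bad peer address: $peer_gw" >&2; return 1; }
    cat <<EOF
$IPTABLES -A INPUT  -p udp -s $peer_gw -d $local_gw --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s $local_gw -d $peer_gw --sport 500 --dport 500 -j ACCEPT
$IPTABLES -A INPUT  -p 50  -s $peer_gw -d $local_gw -j ACCEPT
$IPTABLES -A OUTPUT -p 50  -s $local_gw -d $peer_gw -j ACCEPT
EOF
}

# Apply the rules only when APPLY=1 is set; otherwise print them for review.
apply_ipsec_peer_rules() {
    rules=$(ipsec_peer_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# Usage: ./ipsec-rules.sh <local-gateway-ip> <peer-gateway-ip>   (APPLY=1 to execute)
if [ -n "${1:-}" ]; then
    apply_ipsec_peer_rules "$1" "$2"
fi
```

Run it once without APPLY to read the generated lines, then with APPLY=1 on the gateway; repeat with a second peer address for each additional tunnel.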

Once you have your FreeS/WAN gateways set up, and firewall parameters properly configured, you’re off to the races. The design can be further extended to include multiple tunnels and roaming user configurations. To that end, FreeS/WAN is well documented and has a great mailing list where you can easily get all of your questions answered. Just be sure that you’ve consulted the documentation prior to asking, because you’re likely to be referred right back to it. Happy VPNing!

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.