4. IPSEC forward to LAN

IPSEC forward to LAN

  • T

    Is there anything fundamentally wrong with running IPSEC on the LAN interface and port forwarding from WAN and WAN2 (I have 2 wan connections).  I want to do this rather than run on the WAN interface as I want the tunnel to be available to users whether they use WAN or WAN2.  Other than making the settings a little more complicated, are there security implications that I should be worried about?

    0
  • Rebel Alliance Developer Netgate

    There shouldn't be anything to worry about, security-wise, doing it that way. You might have some issues with IPsec+NAT in that way, but it may be OK. I suspect that if it works at all it may be fine.

    0
  • T

    After more investigation, it does indeed work properly doing what I suggested above.

    I also noticed in the newer builds that when raccoon is started it binds to all interfaces current IP addresses.  If I understand correctly, whatever interface that is set in the phase 1 setup, hidden firewall rules are automatically added to allow ports 500/4500 UDP for that interface.  So what I did was set WAN 1 in the phase 1 setup and then on WAN2 I manually opened 500/4500 UDP.  This also works.  What I would like to know is what is the "best" way to do this from a security and not getting broken on upgrades perspective.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy