[olug] Home network, firewall, vpn design..
Phil Brutsche
phil at brutsche.us
Wed Feb 18 01:46:42 UTC 2004
Ken wrote:
> My primary objective with the OpenBSD firewall was to be "cheap &
> secure" and make use of the P100. Obviously the P100 would make a
> pretty crappy VPN server so I had wanted to use the resources on the
> internal Linux server for that without directly exposing it to the
> internet.
Don't underestimate how fast one of those things can be. PIX-501s are
actually about the same CPU speed, and the PC has a better PCI bus and
memory subsystem.
> So, in light of that I have one other idea.. I've been doing some
> reading on using OpenBSD/pf as a Transparent Packet Filter with no NAT
> or IP address: http://ezine.daemonnews.org/200207/transpfobsd.html
[...]
> So, trying again, does anyone have any thoughts on this? I've never
> tried running a transparent packet filter but have to admit it seems
> rather enticing (and cool). I'd be especially curious to know if anyone
> could still see a potential conflict with the VPN..
As long as you configure the pf rules right, it won't make much of a
difference. You just need to make sure you let through UDP 500 (for IKE
key exchange) and IP protocols 50 and 51.
--
Phil Brutsche
phil at brutsche.us
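The rule set Phil describes, written out as an added example (this is not from the original post or from the daemonnews article). It assumes an OpenBSD box bridging two interfaces, fxp0 on the outside and fxp1 on the inside, with no address of its own; the interface names are assumptions, and 192.0.2.10 is a documentation address standing in for the internal Linux VPN server. Because the bridge does no NAT, that server must carry a publicly routable address, which is what the remote peer's IKE and ESP/AH packets are addressed to.

```pf
# Added example, not the original poster's configuration.
# Assumptions: fxp0 = outside bridge member, fxp1 = inside bridge member,
# 192.0.2.10 = the internal Linux VPN endpoint (publicly routable, no NAT).
ext_if  = "fxp0"
int_if  = "fxp1"
vpn_srv = "192.0.2.10"

# Default deny on the outside member; log what gets dropped.
block in log on $ext_if all

# A bridged packet is seen twice: in on one member, out on the other.
# Do all filtering on $ext_if and let the inside member pass freely so
# no rule has to be written twice.
pass in  on $int_if all
pass out on $int_if all

# Anything leaving for the internet is allowed; the state entry lets
# the replies back in, including IKE exchanges our side initiates.
pass out on $ext_if all keep state

# IKE / ISAKMP key exchange from a remote peer: UDP port 500 to the VPN
# server. keep state lets the server's answers out on $ext_if.
pass in on $ext_if proto udp from any to $vpn_srv port 500 keep state

# The tunnel traffic itself: ESP (IP protocol 50) and AH (IP protocol 51).
# These carry no ports, so the state is keyed on addresses and protocol.
pass in on $ext_if proto { esp, ah } from any to $vpn_srv keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and confirm what is actually active with `pfctl -sr`. The bridge itself is set up outside pf (brconfig(8) on OpenBSD of that era). One caveat beyond the original reply: the three rules above are enough for peers on public addresses, but a remote peer sitting behind its own NAT will negotiate NAT-Traversal and move IKE and ESP into UDP port 4500, so that port would need a matching pass rule as well.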