FreeSwan VPN

Status
Not open for further replies.

penguin69

MIS
May 4, 2004
US
I currently have an IPCop firewall 1.6 running successfully and everything is swell. I am using it for a VPN connection to a Cisco PIX, which is working correctly as well. IPCop actually uses FreeSwan and I am becoming more and more familiar with the command line version of it.

My question comes in with access control. I would like to be able to control which remote IP addresses are able to access which local IP address and also maybe port control as well.

I am thinking that I need to use iptables, but I am really not sure and was hoping that someone could point me in the right direction.

Thanks for any help that you can provide.

Ken
 
Which is local and which is remote...

IPCop(Local), Pix(Remote)

Either of these should give you the option of creating a rule between them, e.g.:

PIX(REMOTE) pass in from IPCOP(Local) and vice versa. Or did you mean a specific machine located within either the local or remote firewalls? In either case, you should be able to specify ranges on both ends to pass in/block out.
 
Hi Segment,

IPCop is Local and the Cisco PIX is remote. You are correct that I could build the access control from the PIX side, but I don't own the PIX, I own the FreeSwan side. I would like to be able to build the access control from the FreeSwan, but I don't know how. Can you explain how to do this?
 