From: Eugene Butan <psi@mikrotik.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] IPSec gateway configuration
Date: Mon, 21 Mar 2005 16:41:33 +0000 [thread overview]
Message-ID: <200503211841.33716.psi@mikrotik.com> (raw)
In-Reply-To: <423ED63F.6060309@xana.ro>
Hello Vlad,
Why just not to use PPPoE between your gateways and clients?
This way you will be sure that only authenticated clients will be given
Internet access.
Eugene
On Monday 21 March 2005 16:12, Vlad Adomnicai wrote:
> Hi,
> I'm trying to build an ipsec gateway and somewhere I'm doing something
> wrong.
>
> I have a couple of routers that have clients in their back. All the
> routers are connected into a switch. In that switch I also have a
> computer that provides internet access to the clients.
> I would like to setup some sort of autentification (don't need
> encryption), to allow me to give access to different services to
> clients. Diferenciating services I can do on the internet gateway, but
> on the routers I have to be certain that a certain IP is not stolen.
> I have set up ipsec so that if a client pings his gateway, it will
> work only if he has the same key as defined on the server. However, if
> he pings the internet gateway, it will work, no matter what I do. I
> would like the router to validate all packets to the outside LAN. Also I
> would like to achieve this with the lowest CPU utilization possible
> although this isn't critical. (about 150 clients behind one router
> (p2-400/p3-600)).
>
> The documentation that I have found was only how to establish secure
> connection between two computers, but what I need is to get outside of
> it and if possible to not use VPN, because I want the clients that are
> in the same LAN have maximum trasnfer speeds.
>
> Thx for any suggestions in advance.
>
> Vlad Adomnicai
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2005-03-21 16:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-21 14:12 [LARTC] IPSec gateway configuration Vlad Adomnicai
2005-03-21 16:41 ` Eugene Butan [this message]
2005-03-21 17:44 ` Vlad Adomnicai
2005-03-21 18:20 ` Eugene Butan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200503211841.33716.psi@mikrotik.com \
--to=psi@mikrotik.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.