FireBrick Road Warrior FireBrick Config: Difference between revisions
Content deleted Content added
lang=xml |
|||
| Line 62: | Line 62: | ||
The basic server config is in <tt>ipsec-ike</tt> containing a <tt>connection</tt> and <tt>roaming</tt> entry, e.g. |
The basic server config is in <tt>ipsec-ike</tt> containing a <tt>connection</tt> and <tt>roaming</tt> entry, e.g. |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ipsec-ike> |
<ipsec-ike> |
||
<connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="EAP" mode="Wait" local-ID="FQDN:server.example.com"/> |
<connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="EAP" mode="Wait" local-ID="FQDN:server.example.com"/> |
||
| Line 71: | Line 71: | ||
Each roaming user then needs an <tt>eap</tt> user record. |
Each roaming user then needs an <tt>eap</tt> user record. |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<eap name="fred" full-name="Fred Bloggs" password="[password]" subsystem="IPsec" methods="MSChapV2"/> |
<eap name="fred" full-name="Fred Bloggs" password="[password]" subsystem="IPsec" methods="MSChapV2"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 94: | Line 94: | ||
You will also want to look at the Firewall on the FireBrick and allow traffic where required, for example, to Allow the IPsec users to connect to the Internet via your PPPoE connections use something like: |
You will also want to look at the Firewall on the FireBrick and allow traffic where required, for example, to Allow the IPsec users to connect to the Internet via your PPPoE connections use something like: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<rule-set name="FromIPSec" source-interface="ipsec" no-match-action="continue"> |
<rule-set name="FromIPSec" source-interface="ipsec" no-match-action="continue"> |
||
<rule name="AllowInternet" target-interface="pppoe" action="accept"/> |
<rule name="AllowInternet" target-interface="pppoe" action="accept"/> |
||