Hi all
Hi everyone
Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on a SLES10 machine with a public
fixed IP address on the Internet interface. I am trying to establish an IPSEC VPN
tunnel to a network behind a D-Link DI-804HV VPN router which is on a dynamic IP
address. For this I am using a dyndns.org alias on the DI804 side.

Shorewall is stopping all packets coming from the DI804 when trying to
establish the tunnel. The log on the Shorewall machine looks like this:

Jan 16 18:31:35 FIREWALL kernel: Shorewall:INT2all:DROP:IN=Internet_Interface OUT= MAC=***** SRC=DI804_IP DST=Firewall_IP LEN=116 TOS=0x00 PREC=0x00 TTL=60 ID=191 PROTO=UDP SPT=500 DPT=500 LEN=96

Multiple IPSEC tunnels are active on the Shorewall machine with all kinds of
equipment on the other side (software and hardware VPN devices), but all of them
have a fixed IP on the other side. This is my first attempt to set up an IP tunnel to
a device with a dynamic IP.

The hosts file entry for this tunnel looks like this:

#ZONE   HOST(S)                                                 OPTIONS
VPN18   Internet_Interface:192.168.1.0/24,router.dyndns.org     ipsec

The tunnel file has the following in it:

#TYPE   ZONE    GATEWAY         GATEWAY
ipsec   INT     Firewall_IP

On the Shorewall and DI804 sides are private class C subnets. All real IP
addresses and other security-sensitive information are replaced with
descriptions (Internet_Interface instead of ethxx, Firewall_IP instead of
the public fixed IP on the external firewall interface, etc.).

Any hope for that tunnel to be established? Does Shorewall support an FQDN in
the hosts file? Does it resolve it dynamically every time the tunnel is to be
established?

Thanks, regards
Ivica
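
A way to triage drops like the one logged above, as an added example that is not part of the original post: it parses Shorewall log lines in the Shorewall:<chain>:<disposition>: format shown and counts dropped IPsec traffic (IKE on UDP 500, NAT-T on UDP 4500, ESP, AH) per chain and source. The sample lines, the eth0 interface name, the INT2fw chain and all addresses are constructed.

```python
import re
from collections import Counter

# Log prefix as it appears in the post: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(fields):
    """Name the IPsec component a logged packet belongs to, or None."""
    proto = fields.get("PROTO", "")
    ports = {fields.get("SPT"), fields.get("DPT")}
    if proto == "UDP" and "500" in ports:
        return "IKE"      # key exchange, the packet type dropped in the post
    if proto == "UDP" and "4500" in ports:
        return "NAT-T"    # IKE/ESP encapsulated in UDP
    if proto in ("ESP", "50"):
        return "ESP"
    if proto in ("AH", "51"):
        return "AH"
    return None

def ipsec_drops(lines):
    """Return (chain, source, kind) for every dropped or rejected IPsec packet."""
    hits = []
    for line in lines:
        m = PREFIX.search(line)
        if not m or m.group("disp") not in ("DROP", "REJECT"):
            continue
        fields = {}
        for key, value in FIELD.findall(line[m.end():]):
            fields.setdefault(key, value)  # keep the first LEN= (IP length)
        kind = classify(fields)
        if kind:
            hits.append((m.group("chain"), fields.get("SRC", "?"), kind))
    return hits

def summarize(lines):
    """Count IPsec drops per (chain, source, kind)."""
    return Counter(ipsec_drops(lines))

# Constructed sample lines (documentation addresses, hypothetical eth0)
_L = "Jan 16 18:31:35 FIREWALL kernel: Shorewall:{}:IN=eth0 OUT= SRC={} DST=198.51.100.1 LEN=116 TTL=60 {}"
SAMPLE = [
    _L.format("INT2all:DROP", "203.0.113.7", "PROTO=UDP SPT=500 DPT=500 LEN=96"),
    _L.format("INT2all:DROP", "203.0.113.7", "PROTO=UDP SPT=500 DPT=500 LEN=96"),
    _L.format("INT2all:DROP", "203.0.113.7", "PROTO=ESP SPI=0x1a2b3c4d"),
    _L.format("INT2all:DROP", "192.0.2.44", "PROTO=TCP SPT=40000 DPT=23 SYN"),
    _L.format("INT2fw:ACCEPT", "203.0.113.7", "PROTO=UDP SPT=500 DPT=500 LEN=96"),
]
```

Calling summarize(SAMPLE) groups the drops by chain, peer address and IPsec component, which shows at a glance whether a peer is being blocked at the IKE stage or only once ESP traffic starts.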