Hi:

I set up an ipsec tunnel using this (KERNEL 2.6.6):

192.168.1.0/24====166.114.abc.def/27======[INTERNET]======166.114.ghi.jkl/27===192.168.2.0/24
[Subnet1]---------eth1[GW1]eth0-----======[INTERNET]======-eth0[GW2]eth1----------[Subnet2]
                           |                                  |
                           |-----------------AH---------------|
                           ------------------ESP--------------|

The tunnel starts up as soon as it sees traffic between eth0s or subnets.

Left Side:
=========
Interfaces:
-----------
eth1=192.168.1.1
eth0=166.114.abc.def

Route table:
------------
166.114.abc.def/27 dev eth2 scope link
192.168.2.0/24 dev eth0 scope link src 192.168.1.1
192.168.1.0/24 dev eth1 scope link
default via 166.114.abc.xxx dev eth0

Right Side:
=========
Interfaces:
-----------
eth1=192.168.2.1
eth0=166.114.ghi.jkl

Route table:
------------
166.114.ghi.jkl/27 dev eth0 scope link
192.168.1.0/24 dev eth0 scope link src 192.168.2.1
192.168.2.0/24 dev eth1 scope link
default via 166.114.ghi.xxx dev eth0

***My problem is***

Without shorewall everything works great, ping, traffic shaping... etc. But with shorewall the tunnel does not work.

Do I have to set up something special for shorewall?

I will appreciate a lot any clue.

Thanks
Antonio

Antonio José Espinoza Palenque wrote:
>
> I will appreciate a lot any clue.
>

http://shorewall.net/IPSEC.htm -- READ CAREFULLY.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom:

> http://shorewall.net/IPSEC.htm -- READ CAREFULLY.

I did and I tried to set it up that way. However, after trying a lot and some combinations I could not make it work.

Do you know some other docs about kernel 2.6, ipsec and shorewall?

Antonio

Antonio José Espinoza Palenque wrote:
> Tom:
>
>> http://shorewall.net/IPSEC.htm -- READ CAREFULLY.
>
> I did and I tried to set it up that way. However, after trying a lot and
> some combinations I could not make it work.
>
> Do you know some other docs about kernel 2.6, ipsec and shorewall?

David Hollis's email is the only 2.6 IPSEC/Shorewall documentation that I know of.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom Eastep wrote:
> Antonio José Espinoza Palenque wrote:
>> Do you know some other docs about kernel 2.6, ipsec and shorewall?
>
> David Hollis's email is the only 2.6 IPSEC/Shorewall documentation that
> I know of.

But be sure to note my warning about that email on the Shorewall IPSEC page.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom Eastep wrote:
> Tom Eastep wrote:
>
>> Antonio José Espinoza Palenque wrote:
>
>>> Do you know some other docs about kernel 2.6, ipsec and shorewall?
>>
>> David Hollis's email is the only 2.6 IPSEC/Shorewall documentation
>> that I know of.
>
> But be sure to note my warning about that email on the Shorewall IPSEC
> page.
>

I've tried to integrate David's email into the Shorewall IPSEC page -- http://shorewall.net/IPSEC.htm

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net