Shorewall Admin User wrote:
> Hello All,
>
> I am needing some direction on configuring my firewall to allow access
> for VPN, openswan. The openswan ipsec is running on one of my systems
> that are in the DMZ, which I use Proxy-ARP to get access to since I have
> extra static IP addresses. I am new to shorewall and to openswan but I
> have both of them configured and running, but I am unable to get a
> connection from my laptop to my server that is running ipsec.
>
> My question is.... on the firewall what do I need to allow ipsec traffic
> to pass onto the vpn (openswan server) Do I need an entry in the zones
> file, if so, what do I put there, also what do I need in the rules file
> to pass that traffic onto the vpn server.
>

http://shorewall.net/VPN.htm

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> Shorewall Admin User wrote:
>
>> Hello All,
>>
>> I am needing some direction on configuring my firewall to allow access
>> for VPN, openswan. The openswan ipsec is running on one of my systems
>> that are in the DMZ, which I use Proxy-ARP to get access to since I have
>> extra static IP addresses. I am new to shorewall and to openswan but
>> I have both of them configured and running, but I am unable to get a
>> connection from my laptop to my server that is running ipsec.
>> My question is.... on the firewall what do I need to allow ipsec traffic
>> to pass onto the vpn (openswan server) Do I need an entry in the
>> zones file, if so, what do I put there, also what do I need in the
>> rules file to pass that traffic onto the vpn server.
>
>
> http://shorewall.net/VPN.htm

And since you are using Proxy-ARP, the incoming rules can be simple ACCEPT rules rather than DNAT rules.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
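
The ACCEPT-versus-DNAT distinction from the reply above, as an added configuration example that is not part of the thread or of the Shorewall documentation. The zone names (net, dmz), interface names (eth0, eth2) and both addresses are constructed placeholders.

```conf
# /etc/shorewall/proxyarp
# Constructed entry: the Openswan host keeps a public address (placeholder
# 192.0.2.10) on the DMZ interface eth2; eth0 is the external interface.
#ADDRESS        INTERFACE       EXTERNAL        HAVEROUTE       PERSISTENT
192.0.2.10      eth2            eth0            no              yes

# /etc/shorewall/rules
# Proxy-ARP case: clients address the server's own public IP, so the firewall
# only has to permit the IPsec traffic through; no address rewriting is needed.
#ACTION         SOURCE          DEST                    PROTO   DEST PORT(S)
# IKE key exchange
ACCEPT          net             dmz:192.0.2.10          udp     500
# NAT traversal, needed when the remote client sits behind a NAT device
ACCEPT          net             dmz:192.0.2.10          udp     4500
# ESP (IP protocol 50), the encrypted payload
ACCEPT          net             dmz:192.0.2.10          50

# For comparison only (left commented out): if the server had a private
# address (placeholder 10.0.0.10) behind the firewall's single public IP,
# the same traffic would need DNAT rules instead of ACCEPT rules.
#DNAT           net             dmz:10.0.0.10           udp     500
#DNAT           net             dmz:10.0.0.10           udp     4500
#DNAT           net             dmz:10.0.0.10           50
```

After editing, `shorewall check` validates the configuration before it is applied.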

Hello All,

I am needing some direction on configuring my firewall to allow access for VPN, openswan. The openswan ipsec is running on one of my systems that are in the DMZ, which I use Proxy-ARP to get access to since I have extra static IP addresses. I am new to shorewall and to openswan but I have both of them configured and running, but I am unable to get a connection from my laptop to my server that is running ipsec.

My question is.... on the firewall what do I need to allow ipsec traffic to pass onto the vpn (openswan server) Do I need an entry in the zones file, if so, what do I put there, also what do I need in the rules file to pass that traffic onto the vpn server.

TIA