I am using the Nortel/Netlock VPN client running on two machines.

Firewall : Linux box running Mandrake 9.0 (sorry Tom!) connected to the net via ADSL. Running Shorewall.

PC : Win2k networked to Linux box.

Everything works fab, I can see the net from both machines.

I can connect up to the VPN from the Win2k box and ping machines on the VPN. If I try starting up the VPN client on the Linux machine it connects ok, but I cannot ping any of the machines on the VPN.

My tunnels file looks like this:
ipsec net xxx.yyy.zzz.n

My interfaces file looks like this:
net ppp0 -
loc eth0 detect
vpn nlv0 -

I put nlv0 in the interfaces file because that's what I see when I type ifconfig when the netlock service is running and it's connected. I did have it as ipsec0 at first, but it didn't work.

I am somewhat puzzled, as the VPN does run ok when running through the Firewall, but not when originating on it. I suspect it's actually a Nortel VPN client (Netlock) problem, I have posted a question on their newsgroup too, but I thought it'd be prudent to check here too.

Anyone got any suggestions?

Cheers,

Bill.

--On Thursday, December 05, 2002 09:33:10 PM +0000 Bill Corr <bill.corr@btinternet.com> wrote:

> I am using the Nortel/Netlock VPN client running on two machines.
>
> Firewall : Linux box running Mandrake 9.0 (sorry Tom!) connected to the
> net via ADSL. Running Shorewall.
>
> PC : Win2k networked to Linux box.
>
> Everything works fab, I can see the net from both machines.
>
> I can connect up to the VPN from the Win2k box and ping machines on the
> VPN. If I try starting up the VPN client on the Linux machine it connects
> ok, but I cannot ping any of the machines on the VPN.
>
> My tunnels file looks like this:
> ipsec net xxx.yyy.zzz.n
>
> My interfaces file looks like this:
> net ppp0 -
> loc eth0 detect
> vpn nlv0 -
>
> I put nlv0 in the interfaces file because that's what I see when I type
> ifconfig when the netlock service is running and it's connected. I did
> have it as ipsec0 at first, but it didn't work.
>
> I am somewhat puzzled, as the VPN does run ok when running through the
> Firewall, but not when originating on it. I suspect it's actually a
> Nortel VPN client (Netlock) problem, I have posted a question on their
> newsgroup too, but I thought it'd be prudent to check here too.
>

There are a couple of possibilities that I can think of:

a) You WON'T be able to ping the remote network from the firewall system if the client is setting up a net->net tunnel.

b) Is the Nortel client setting up the correct routes through the tunnel to the remote network?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net