search for: validtime

I have a zone "rw" defined as tun0 in interfaces. From that zone, pings to zone "loc" succeed but pings to remote networks (On IPsec VPNs) are rejected in the all2all chain. From my point of view, these pings should be in the rw2cctc chain. (rw to cctc is ACCEPTed in policy.) I must have a hole in my config, where would it be? Thanks, A.

Dear Shorewall Users :-) I''ve been playing with shorewall for some time now - I found it really interesting and easy tool to organise all the rules and so on (beforethat I''ve been using simple iptables rules in shell script ;-) Generally it''s quite easy to be used, but anyway found one problem which I cannot handle myself - or in other words - cannot find appropriate

...gt; allocated: 15 hard: 0 soft: 0 > sadb_seq=0 pid=4820 refcnt=0 > > # setkey -DP > 192.168.3.0/24[any] 1.2.3.4[any] any > in prio def ipsec > esp/tunnel/5.6.7.8-1.2.3.4/require > created: Sep 3 17:11:49 2007 lastused: > lifetime: 0(s) validtime: 0(s) > spid=2184 seq=1 pid=4821 > refcnt=1 > 1.2.3.4[any] 5.6.7.8[any] any > in prio def ipsec > esp/tunnel/1.2.3.4-5.6.7.8/require > created: Sep 3 17:11:49 2007 lastused: Sep 3 17:55:24 2007 > lifetime: 0(s) validtime: 0(s) > s...

Hi, I''m asking my question here, because I could not find any answer to my problem, but I''m affraid shorewall is not the one to blame. First of all I''m using shorewall version 2.0.15 on two linux box. I set up an ipsec tunnel beetween those 2 boxes to be ables to connect 2 not routable subnetworks. Here is my network topology: 10.66.17.0/24 - 10.66.17.1 = eth0

...--- INTERNET ---> 82.234.240.117 -|B|- 192.168.0.0/24 On "B", setkey -DP gives the following: 192.168.0.0/24[any] 192.168.1.0/24[any] any out ipsec esp/tunnel/82.234.240.117-62.212.109.16/require created: Apr 27 12:18:35 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=313 seq=5 pid=5812 refcnt=1 When I try to ping the A router from the B router (using 192.168. addresses of course), packets are sent unencrypted. And I can''t figure out why. Does anyone have an idea? I''ve already set up such tunnels in the past (succe...