Shorewall users - Jun 2002 - VPN+IPSEC+SHOREWALL

On Fri, 21 Jun 2002, Daniele Davolio wrote:
> Hello,
> 
> i''m trying to setup an IPSEC VPN with F-Secure VPN+ and a Linux
Box
> Gateway with FreeSwan and Shorewall.
> 
> The VPN work right untill the shorewall is started.
> 
> When i start shorewall, the ESP trafic leaving the firewall is tunneled
> into the ipsec0 interface instead the eth0 interface??!!
> 
> The result is that the comunication between my PC Client and the Linux
> Box don''t work.
> 
> Of Course, no packet or errors are Logged!!
> 
> I do not understand the reason for this...please help me!
> 
All that Shorewall does for an IPSEC tunnel is to open UDP port 500 and 
ESP in both directions. From your description, it sounds like your routing 
table is being changed when Shorewall is starting. Do you include any 
additional commands in /etc/shorewall/start? Are you using Proxy ARP?

Please:

a) Start your tunnel with Shorewall stopped.
b) Capture the output of "route -n"
c) Start Shorewall
d) Capture the output of "route -n"

Are the two routing table snapshots different?

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Fri, 21 Jun 2002, Daniele Davolio wrote:
> Well,
> i compared the output and there is no difference.
> But with a lot of Luck i solved my problem! It was a problem with tos!
> I modifyed the tos file
>
> With the original tos file the VPN work OK! But...i dont know why...:D
Interesting! Thanks for the update.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net