Hello to all,

I am attempting to establish an IPSEC tunnel to a remote freeswan G/W with my laptop. My laptop sits in behind shorewall at home. From the documentation, this is what I modified in Shorewall:

/etc/shorewall/tunnels:

ipsec loc 24.65.x.x

/etc/shorewall/policy

vpn loc ACCEPT
loc vpn ACCEPT

My question is, have I left anything out?

Paul.

On Thursday 12 September 2002 09:40 am, Paul Seniuk wrote:
> Hello to all,
>
> I am attempting to establish an IPSEC tunnel to a remote freeswan G/W
> with my laptop.
> My laptop sits in behind shorewall at home. From the documentation, this
> is what I
> modified in Shorewall:
>
> /etc/shorewall/tunnels:
>
> ipsec loc 24.65.x.x
>
> /etc/shorewall/policy
>
> vpn loc ACCEPT
> loc vpn ACCEPT
>
>
> My question is, have I left anything out?

Neither of those changes makes any sense. Assuming that you are masquerading/SNATing your local network, you just need a couple of rules:

DNAT net:24.65.x.x loc:<laptop ip> udp 500
DNAT net:24.65.x.x loc:<laptop ip> 51

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

On Thursday 12 September 2002 03:11 pm, Paul Seniuk wrote:
> ok...I misunderstood the TUNNELS then..it only applies to connections at
> the virtual
> interface: ipsecX . Actually, after I got my key issues straight on XP, I
> established
> an SA without even adding anything to RULES.

The rules are for re-keying and for messages from the remote end after a long period of inactivity.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
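
Added example, not part of the original thread and not Shorewall's own code: a small audit that reads rules-file text in the column layout used by the two DNAT rules in the reply above and reports which IPsec traffic types (IKE on udp/500, ESP as IP protocol 50, AH as IP protocol 51) are forwarded from the remote gateway to the laptop. The function names, the zone defaults and the addresses (documentation placeholders) are assumptions made for the example.

```python
# Added example: audit Shorewall rules text for IPsec pass-through coverage.
# Assumed column layout, as in the thread: ACTION SOURCE DEST PROTO [PORT]

# IKE is UDP port 500; ESP is IP protocol 50; AH is IP protocol 51.
IPSEC_TRAFFIC = {
    "IKE (udp/500)": ("udp", "500"),
    "ESP (proto 50)": ("50", None),
    "AH (proto 51)": ("51", None),
}
PROTO_ALIASES = {"esp": "50", "ah": "51", "17": "udp"}

# Constructed sample using documentation addresses, not values from the thread.
SAMPLE_RULES = """\
DNAT net:192.0.2.10 loc:192.168.1.20 udp 500
DNAT net:192.0.2.10 loc:192.168.1.20 51
ACCEPT net fw tcp 22   # unrelated rule, ignored by the audit
"""


def parse_rules(text):
    """Yield (action, source, dest, proto, port) for each rule line."""
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 4:
            continue  # blank, comment-only, or no protocol column
        proto = PROTO_ALIASES.get(cols[3].lower(), cols[3].lower())
        port = cols[4] if len(cols) > 4 and cols[4] != "-" else None
        yield cols[0].upper(), cols[1], cols[2], proto, port


def ipsec_coverage(text, peer, laptop, ext_zone="net", int_zone="loc"):
    """Map each IPsec traffic type to True if a DNAT rule forwards it."""
    src, dst = f"{ext_zone}:{peer}", f"{int_zone}:{laptop}"
    found = dict.fromkeys(IPSEC_TRAFFIC, False)
    for action, source, dest, proto, port in parse_rules(text):
        if (action, source, dest) != ("DNAT", src, dst):
            continue
        # A rule with no port column covers every port of that protocol.
        ports = port.split(",") if port else None
        for name, (want_proto, want_port) in IPSEC_TRAFFIC.items():
            port_ok = want_port is None or ports is None or want_port in ports
            if proto == want_proto and port_ok:
                found[name] = True
    return found


if __name__ == "__main__":
    result = ipsec_coverage(SAMPLE_RULES, "192.0.2.10", "192.168.1.20")
    for name, ok in result.items():
        print(f"{'forwarded' if ok else 'NOT forwarded':>13}  {name}")
```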