Martin Chan
2002-Nov-25 09:10 UTC
[Shorewall-users] multiple ipsec tunnels between two gateway
Hi,

I'm currently using shorewall 1.3.10. I have been using it successfully with one ipsec connection to a remote office. Both use freeswan 1.98b and linux 2.4.19.

Network A --- Gateway A --- Internet --- Gateway B --- Network B

The network to network connection works fine. However, there was some problem when I used both network to network and gateway to network connections. Both ipsec connections seem to be established successfully, but I can't ping the other side. It seems that shorewall drops the packets. I have set the log level in policy to info, but I can't see anything about the ESP packets in the log file. But if I stop iptables, the ping can go through successfully.

Could someone please tell me what needs to change in the shorewall config to allow the gate to net connection?

Regards,
Martin Chan
Tom Eastep
2002-Nov-25 14:19 UTC
[Shorewall-users] multiple ipsec tunnels between two gateway
--On Monday, November 25, 2002 05:10:49 PM +0800 Martin Chan <martinc@milliontech.com> wrote:

> Hi,
>
> I'm currently using shorewall 1.3.10. I have been using it successfully with
> one ipsec connection to a remote office. Both use freeswan 1.98b and
> linux 2.4.19.
>
> Network A --- Gateway A --- Internet --- Gateway B --- Network B
>
> The network to network connection works fine.
> However, there was some problem when I used both network to network and
> gateway to network connections. Both ipsec connections seem to be established
> successfully, but I can't ping the other side. It seems that shorewall
> drops the packets. I have set the log level in policy to info, but I can't
> see anything about the ESP packets in the log file. But if I stop
> iptables, the ping can go through successfully.
>
> Could someone please tell me what needs to change in the shorewall config to
> allow the gate to net connection?
>

I can't -- you've told us nothing about your Shorewall configuration so it's impossible for me to tell you how to change it.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net