Alan Murrell
2003-Oct-21 20:27 UTC
[Shorewall-users] Shorewall + IPSec setup: some questions
Hello,
I am attempting to set up IPSec for a VPN with another
network, which is *not* running Shorewall on the other
side. Here are the vitals:
Mandrake 9.1
Shorewall 1.3.14
FreeS/WAN 1.99
Shorewall is set up for NAT, which is needed because it
is sitting in front of a web server (Shorewall answers
to the web server's external IP, and forwards it to
its internal IP)
I have the following:
--- /etc/shorewall/tunnels ---
ipsec net 1.2.3.4
--- /etc/shorewall/tunnels ---
The value I have for '1.2.3.4' is the 'right=' value
in the 'ipsec.conf' file (just before the
'rightsubnet=' value)
However, the connection cannot seem to be established,
and the Client seems to think it has to do with the
NAT.
I did read on the Shorewall IPSec page a bit about how
if one side is NAT'd, then the *other* side has to use
'ipsecnat' in the 'tunnels' file. However, the other
side is not running a Shorewall firewall.
Has anyone got an example of a similar setup:
- Shorewall running NAT
- trying to connect to a non-Shorewall on the other
side
Just to be clear: on both sides, the 'ipsec' is
running okay ('ipsec verify' on both sides is
successful).
Any help you can lend in this matter is greatly
appreciated.
Sincerely,
Alan Murrell <silkbc@yahoo.com>
Tom Eastep
2003-Oct-21 20:41 UTC
[Shorewall-users] Shorewall + IPSec setup: some questions
On Tue, 21 Oct 2003, Alan Murrell wrote:
>
> Just to be clear: on both sides, the 'ipsec' is
> running okay ('ipsec verify' on both sides is
> successful).
>
So, if you "shorewall clear" then the tunnel works perfectly?
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net