FYI...
---------- Forwarded Message ----------
Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall
Date: Thursday 23 September 2004 07:44
From: "Jonathan Schneider" <jon@clearconcepts.ca>
To: "'Tom Eastep'" <teastep@shorewall.net>

I must have been up too late working on this. Looking at it the next day, I
noticed I completely forgot to allow icmp... all is working well now.
Thanks for the excellent docs on the Shorewall site btw.
Jon
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wednesday, September 22, 2004 3:30 PM
To: shorewall-users@lists.shorewall.net
Cc: Jonathan Schneider
Subject: Re: [Shorewall-users] 2.6 kernel ipsec and shorewall
On Wednesday 22 September 2004 12:04, Jonathan Schneider wrote:
> I set up an ipsec/racoon vpn tunnel test environment. The gateway machines
> are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and
> 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10.
>
> The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and
> vice versa and they can both use the net via NAT, however 192.168.0.30 and
> 192.168.0.31 cannot directly talk and neither workstation can directly talk
> to those 2 IP addresses either. I carefully read through
> http://shorewall.net/IPSEC.htm to get it working to the extent that it is.
> I am not sure if the fix lies in the ipsec/racoon configs or shorewall but
> I have pretty much run out of ideas.
If you "shorewall clear", does it work? If not, it is an ipsec/racoon
issue.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key