Hi!
Thanks to Tom's excellent presentation on this topic, our new
Firewall is actually doing a great job in its test environment.
This was one thing keeping us from using Shorewall, 2.6 kernels and
IPSEC together.
We set up a test tunnel with OpenSwan residing on the shorewall itself.
It came up as expected. Great! Thanks Tom and whoever took part in
this development.
Our old shorewall does not have Free- or Openswan running on it;
instead we route these packages to the IPSEC gateway running in the DMZ.
Our goal is to get these tunnels (72....sigh...) up and running with
the new setup. I have to ask some questions. Sorry. We don't want all
our customers to reconfigure their respective ends; at least not
before we have a redundant setup of shorewall and openswan.
What we did before was a DNAT on the shorewall to DMZ and a route
per tunnel.
This does not seem to work with the new implementation.
The tunnels from the DMZ gateway don't get established.
Is there a way to configure such a setup via the /etc/shorewall files?
Thanks in advance,
Christian