Displaying 20 results from an estimated 500 matches similar to: "conditional routing based on tos/fwmark not working with ipsec"
2001 Dec 05
0
Problem setting up nexthop
Dear Alexey,
Sorry to bother you with this small question about nexthop syntax failing,
but I haven't found anyone else who can answer it - including Matthew Marsh
or those on the lartc mailing list. The problem, with 2.2.19 and 2.2.20
kernels and versions of iproute2 up to iproute2-2.2.4-now-ss001007 (the most
recent that compiles for me), is that this command does not work:
# ip ro
2003 Apr 24
3
compiling iproute
Hi there. My name is Lucas and I'm from Argentina. Firstly,
forgive me for my English since it is not my native language.
Now, I've been reading on how to compile iproute2 and found that I
need to add the following to my kernel, which in my case it is 2.4.20,
and it is also the one which this document I read talked about:
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
# CONFIG_NETLINK_DEV
2002 Sep 04
0
RPDB && routing locally generated (and marked) traffic
Hello all,
I'm using iproute2 + ipchains and have a question about locally generated
packets.
I have noticed that I have no problem marking packets in the input chain
from sources other than my router. These packets are marked and routed
exactly as I expect.
Now supposing I want to mark particular outbound packets which are locally
generated. The only solution I have found so far
2003 Jan 09
2
AW: How do I configure 2 static net2net VPNs over one interface ipsec0?
Hi,
Problem:
I want 2 vpn tunnels for 2 subnets over one interface ipsec0.
Documentation only describes config for 1 vpn or road warriors.
I defined 2 vpn zones 'fre' and 'swe'.
#ZONE DISPLAY COMMENTS
net Net Internet zone
loc Local Local
fre VPN_Fre VPN Fre
swe VPN_Swe VPN Swe
Interface ipsec0 is tunnel over eth1. Local is eth0.
ipsec0 serves 2 zones: fre
2004 Feb 20
1
{Spam} shorewall-vpn with cisco router(vlan) problem
Hi everyone. I am so baffled by the following problem:
Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to
Office 2. Both ends are using shorewall/freeswan firewalls.
Diagram:
Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS
|
DMZ
Office 1 has the following interfaces:
2: eth0:
2006 Jul 26
1
IPSec tunnel mode, through an IPIP tunnel
Hello Gurus,
I have a small problem with routing and here are the details.
Interfaces on my server:
* ipsec0 - 172.19.58.94
* tunl0 - 172.19.58.94
* eth0 - 172.19.58.94
Now, the problem is that there is another host 172.19.58.200. All
communication to 172.19.58.200 should be through tunl0, and all the data
should be secured using IPSec (tunnel mode - because there are more
machines on my
2005 May 27
1
Still VPN
Hi, still trying to understand one thing. I would definitely like to
tell iptables to accept all packets coming from remote vpn only if they
hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working,
looks like ipsec0 device doesn't exist or it is not recognized. I read on
the Openswan users list, that Linux kernel 2.6 native ipsec doesn't create
ipsec* interface (if I am
2005 Apr 26
0
(no subject)
------------------
---------| external ip eth0 | ----------
-------------------------- |
|---------------------------
| -------| Internal IP eth1 |
-------------------------- |
|--------------------------
---------| external Ip eth2 | ----------
--------------------------
I want to put web and ftp traffic
2005 Apr 26
1
2 internet connection problem :(
------------------
---------| external ip eth0 | ----------
-------------------------- |
|---------------------------
| -------| Internal IP eth1 |
-------------------------- |
|--------------------------
---------| external Ip eth2 | ----------
--------------------------
I want to put web and ftp traffic to
2004 Dec 30
5
Proxy Arp
Hello Tom,
I have successfully configured proxy arp subnetting on my network with
three hosts in a DMZ.
And it works great. (using proxyarp in interfaces) I also tried this on
network below same trouble.
However for this network below I have tried to configure one host in a
DMZ (using /etc/shorewall/proxyarp) which works and comes up after I set it
up
and clear ISP's arp
2008 Jul 17
1
racoon and ipsec issues
I am attempting to create an ipsec tunnel between two CentOS 5.1
systems, network-to-network with two different 192.168.xxx.0/24
LAN segments. I have gone through the documentation on the
centos web site, and have the machines to the point where the
/var/log/messages show ``IPsec-SA established'' on both machines
after running ``ifup ipsec0'' (same ipsec0 on each machine).
IP
2005 Nov 15
3
can I use tos and fwmark at the same time?
Hello lartc maintainers and users!
I have a router with two NICs. One NIC is connected to the Internet and the other to my internal LAN. I made a script for prioritizing interactive traffic. The script matches TOS Minimize-Delay for prioritizing interactive traffic, and fwmark for metropolitan packets.
I have two root classes (simulating two circuits) : 1:1 for internet and 1:3 for metropolitan.
2005 Feb 02
6
NAT troubles with IPSEC traffic
I just got the list confirmation and noticed it's text only email so here it
is again in plain text. Below is the original message.
Hi all,
I am really struggling with this one, I have built a lot of linux machines
using IPSEC tunnels and shorewall gateways. I decided to build a new test
machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets
on their own switches and
2002 Oct 01
0
Dynamic Zones
The version of Shorewall in the CVS development tree contains the first
implementation of dynamic zones. While these zones are aimed at IPSEC Road
Warriors, there is nothing ipsec-specific in the implementation except for
a small extension in the tunnels file.
There are two new commands: add and delete
shorewall {add|delete} <interface>[:<host or subnet>] zone
The interface
2004 Aug 12
0
Advanced Routing and FreeSwan
Hello,
I'm trying to setup a central IPSEC-Gateway with several ipsec tunnels.
Some are to be routed over one leased line, some over the other leased
line. Both leased lines have their own public ip address.
The setup looks kinda like this:
eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1
/
2003 Feb 24
2
www over ipsec behind shorewall problem
This one is a bit complex so if no help is forthcoming, I understand.
I have 2 shorewall firewalls (1.3.13) up and running. (both machines running
Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have
squid setup as a caching/filtering server on each of them. Each of them was
originally setup using the Two-interface Quick Start Guide. Then the Squid
guide and then the IPSEC
2004 Aug 13
1
ipsec tunnel to netgear fvs318
Hi,
I'm trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear
FVS318.
When trying to initialise the connection - ifup ipsec0 - I get the error:
RTNETLINK answers: Network is unreachable
This would lead me to believe shorewall is blocking ipsec.
My config is below.
The output of 'shorewall status' is attached.
Any help in pointing out if I've
2003 Jan 14
1
Question on Shorewall with FreeSwan
I am new to Shorewall and FreeSwan, please excuse my ignorance I was
wondering if someone could help me.
I had help getting my FreeSwan running with the following iptables
commands:
iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT
iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT
If I manually run this FreeSwan works, however I am not sure
2004 Jan 07
1
Forward some traffic to VPN
Hi. I am trying to force some traffic that goes to address 203.7.93.94
through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one
machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use
the same shorewall and freeswan).
I have successfully set up a tunnel between the two network (using a
point to point topology, not hub).
I added a static routing that redirect
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
[ sorry for cross-posting this to newbies and users, but I'm a bit
desperate to get this resolved ]
This is strange... I had this working before without any problems, and
recently we started to have some odd issues. I can't be sure exactly
what has changed as I'm unfortunately not the only person with access
to the server. {sigh}
The problem is that I pretty much