similar to: configuration for VPN

Hello all, I had setup shorewall before succesfully with a normal LAN to internet connection. Now I''m connected to the internet via VPN and I got problems with configuring Shorewall. Any help is appreciated. This is my setup: - Gentoo Linux laptop (kernel gentoo-dev-sources-2.6.8.1) with Shorewall 2.0.4 (setup for Standalone one interface) and iptables 1.2.11 - VPN client is

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

I''ve created an IPSec VPN using shorewall and racoon-tool under Debian 3.1. I''m not using the patched iptables/kernel for policy match, therefore I''m using the tunnels/hosts config method rather than the ipsec config file method. I''m running the latest 2.6.13 kernel. I have no problem getting my VPN connection up and running with one exception. Without

Hi all Hi everyone Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on SLES10 machine with public fixed IP address on Internet interface. I am trying to establish IPSEC VPN tunnel to network behind D-Link DI-804HV VPN router who is on dynamic IP address. For this I am using dyndns.org alias on DI804 side. Shorewall is stopping all packets comming from DI804 whey trying to establish tunnel. Log on

Hi, I had a look at this page which describes a single VPN zone called "vpn": http://www.shorewall.net/IPSEC-2.6.html Is this the most current information? It is the top page found by Google for "shorewall ipsec" Is there any information about setting up multiple VPN zones for different classes of road warrior? E.g. lets say there are two classes of road warrior:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello! > > > Machine A > WAN IP: 123.123.123.111 > LAN IP: 192.168.177.1 > > > Machine A wants to connect through an IPsec tunnel to 192.168.176.2 tcp 110 (pop3). > > kernel: Shorewall:all2all:REJECT: > IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2 > LEN=60 TOS=0x10

Dear Shorewall Users :-) I''ve been playing with shorewall for some time now - I found it really interesting and easy tool to organise all the rules and so on (beforethat I''ve been using simple iptables rules in shell script ;-) Generally it''s quite easy to be used, but anyway found one problem which I cannot handle myself - or in other words - cannot find appropriate

Hi all, I''ve been using Shorewall 1.42 for a month on two firewalls at work and my own personal colocated server and love it. While pretty familiar with iptables, I don''t like dealing with it on a daily basis, and Shorewall certainly makes life easier. I''ve deployed Shorewall on both our Toronto and Ottawa office firewalls, and have configured a FreeS/WAN IPSEC

Hi everyone. I am so baffled by the following problem: Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to Office 2. Both ends are using shorewall/freeswan firewalls. Diagram: Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS | DMZ Office 1 has the following interfaces: 2: eth0:

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

I have problems connecting IPSEC VPN clients on the masqueraded network to outside VPN servers. It looks like this: ipsec-user | 192.168.1.10 (DHCP assigned) | | 192.168.1.1 fw-1 (shorewall, Linux 2.6) | 20.20.20.20 (internet) | 30.30.30.30 fw-2 (IPSEC VPN endpoint) | 192.168.100.1 | | 192.168.100.2 server ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his home

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

Dear shorewall users: I am going to implement VPN IPSEC pass through. Got shorewall as the main firewall interfacing the internet. I found Tom''s documentation on how to do it. The question is: there''s an argument that VPN pass through (pass through NAT) will undermine the importance of AH (source: freeswan site). Is it true? ------------------------ Lito Kusnadi

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and then the IPSEC

Hello! I am running my linux box as a firewall in a bridge mode. Firewall is protecting a /24 network. I want to make that the bandwidth distributes equally to active nodes: if N nodes are accessing the internet simultaneous then each node gets bandwith/N. Is there any way to achieve this with shorewall? Thank you! BR, Jernej

Hello everyone, I''m not sure whether to place my question here or in the racoon mailing list or even in that of iptables. I have created an ipsec connection with racoon in tunnel mode to another gateway to connect one subnet on each side to each other. This works fine. Only the ipsec gateway itself can''t send packages to the opposite subnet. Shorewall is configured according

Hi, I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear FVS318. When trying to initialise the connection - ifup ipsec0 - I get the error: RTNETLINK answers: Network is unreachable This would lead me to believe shorewall is blocking ipsec. My config is below. The output of ''shorewall status'' is attached. Any help in pointing out if I''ve

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

Hi all I have succesfully set up PPTP VPN access to my company using PoPToP/pppd (thank you Tom for excellent documentation), everything works fine so far. Problem is security. As I understand it, since PPTP ports trough tunnel are opened to whole Internet (have to be), access verification is now based only on username/password combination. Can level of security be raised with MAC verification?