Hello,
I'm using dachstein-cd 1.1 and ipsec. I've used the old linux router 2.9.4
with ipsec, but I had to add a few lines in the ipchains to allow ipsec to
work.
What is the theory on getting it to work with the new dachstein cd?
Here's what I had in the old version, but I don't see the corresponding rules
in the new dachstein version.

# Forward anything from IPSEC tunnel and accept all input from IPSEC tunnel
ipchains -A forward -j ACCEPT -i ipsec0 -s 0/0 -d 0/0
ipchains -A input -j ACCEPT -i ipsec0 -s 0/0 -d 0/0
# ipsec incoming/outgoing: IKE (UDP port 500) and ESP (protocol 50) per gateway
for CURGW in $IPSECSG; do
    $IPCH -A input -j ACCEPT -i $EXTERN_IF -p udp -s $CURGW 500
    $IPCH -A output -j ACCEPT -i $EXTERN_IF -p udp -d $CURGW 500
    $IPCH -A input -j ACCEPT -i $EXTERN_IF -p 50 -s $CURGW
    $IPCH -A output -j ACCEPT -i $EXTERN_IF -p 50 -d $CURGW
done

I've changed the EXTERN_UDP_PORTS to allow the remote ipsec machine to use
UDP port 500, and EXTERN_PROTO0 to allow proto 50 from the remote ipsec
machine, but what about the rules to allow traffic through the ipsec0
interface?
Thanks,
jim mcdonagh
_______________________________________________
Leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel