Based on the feedback earlier today regarding problems with ipchains, etc., I
made some amendments to some ipsec.conf templates:
In /etc/e-smith/templates/etc/ipsec.conf:
In 30Connections, put a hash in front of every line similar to this:
    $result .= "\trightfirewall=$remoteNAT\n";
In 40LocalAttributes, put a hash in front of every line similar to this:
    $result .= "\tleftfirewall=yes\n\n";
Now:
[root@sme2 ipsec.conf]# ipsec eroute
192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED]
192.168.1.0/24 -> 203.132.1.2/32 => [EMAIL PROTECTED]
203.132.2.2/32 -> 192.168.0.0/24 => [EMAIL PROTECTED]
203.132.2.2/32 -> 203.132.1.2/32 => [EMAIL PROTECTED]
[root@sme2 ipsec.conf]#
I can ping from one LAN all the way to the internal IP of the SME at the
other end of the tunnel, but I cannot yet ping from a machine in one LAN to
a machine in the other.
Hope this helps (at least a little bit).
Hugh
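
Added example, not part of the original message: one way to script the edit described above so that it is repeatable and keeps a backup of each fragment. The function names are hypothetical, the sample fragments are constructed, and the function takes the fragment directory as an argument rather than assuming the live template path.

```shell
#!/bin/sh
# Added example. Comments out the lines that emit leftfirewall=/rightfirewall=
# in copies of the 30Connections and 40LocalAttributes template fragments.

# comment_firewall_lines DIR
# Idempotent: lines that already start with '#' are skipped. A .orig backup is
# written before a fragment is changed. Prints the number of lines commented out.
comment_firewall_lines() {
    dir=$1
    total=0
    for frag in 30Connections 40LocalAttributes; do
        f="$dir/$frag"
        [ -f "$f" ] || continue
        # Count matching lines that are not yet commented out.
        n=$(grep -v '^[[:space:]]*#' "$f" | grep -Ec '(left|right)firewall=' || true)
        if [ "$n" -gt 0 ]; then
            cp -p "$f" "$f.orig"
            # Prefix '#' only on uncommented lines that set the option.
            sed -E '/^[[:space:]]*#/!s/^(.*(left|right)firewall=)/#\1/' "$f.orig" > "$f"
            total=$((total + n))
        fi
    done
    echo "$total"
}

# make_sample_fragments DIR (hypothetical helper): writes constructed sample
# fragments for the demonstration, not the real e-smith templates.
make_sample_fragments() {
    cat > "$1/30Connections" <<'EOF'
    $result .= "\tright=$remoteIP\n";
    $result .= "\trightfirewall=$remoteNAT\n";
EOF
    cat > "$1/40LocalAttributes" <<'EOF'
    $result .= "\tleftsubnet=$localNet\n";
    $result .= "\tleftfirewall=yes\n\n";
EOF
}

# Demonstration on a scratch directory.
work=$(mktemp -d)
make_sample_fragments "$work"
echo "lines commented out: $(comment_firewall_lines "$work")"
grep -n 'firewall=' "$work"/30Connections "$work"/40LocalAttributes
rm -rf "$work"
```

Running the function a second time on the same directory changes nothing and leaves the .orig backups from the first run in place.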