Erich Titl wrote:

>Izzi
>
>Izzy Blacklock wrote:
>
>>I've been fighting through a problem getting my openswan connections
>>working correctly under bering uclibc version 3.0 beta 3. The symptoms
>>of the problem are that I can bring up the vpn, but I can't access the
>>other side. I found that if I didn't load shorewall, then the problem
>>went away, so I assumed it was a firewall problem. I later found that
>>if I restarted ipsec after a fresh boot, that things would work as
>>expected.
>>
>>I think I've tracked it down to ipsec loading before shorewall. I seem
>>to recall having this problem before, and came to the same conclusion.
>>When I check the /etc/rc2.d dir on my old router, I have the following:
>>
>>S41shorewall
>>S42ipsec
>>
>>The ipsec.lrp package has it as S21ipsec. Changing it to S42ipsec
>>seems to solve the problem. The specific change is to modify
>>/etc/init.d/ipsec and change this line:
>>
>>RCDLINKS="0,K19 1,K19 2,S21 3,S21 4,S21 5,S21 6,K19"
>>
>>to
>>
>>RCDLINKS="0,K19 1,K19 2,S42 3,S42 4,S42 5,S42 6,K19"
>>
>>...Izzy
>
>The shorewall log should reveal the problem, possibly because it is
>blocking some IPSEC traffic. Are you absolutely certain you configured
>your ipsec stuff within shorewall correctly?
>
>cheers
>
>Erich

Sadly, shorewall doesn't seem to be logging anything for me. Not sure why yet, but I'm working on it. The shorewall log is empty, despite needing to be created before it will run, and there are no shorewall log entries in any of the other log files :(

As for the ipsec config in shorewall, as far as I know it is correct. I added the shorewall tunnels entry, created the ipsec interface and zone. I'm not sure of the specifics of the problem (the symptoms are as above), but after making the change above, the problem goes away. I seem to recall having this same problem with a past version of leaf, and came to the same conclusion then.

Of course, it's possible this is a problem in my configuration. Do others have this working without making this change?

...Izzy

-------------------------------------------------------------------------
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
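
Added example, not part of the original message or of the LEAF packages: a small POSIX shell check that reads an `RCDLINKS` value in the format quoted above and reports whether ipsec starts after shorewall in runlevel 2. The function names (`start_seq`, `starts_after`, `report`) are hypothetical; the two `RCDLINKS` strings and the shorewall sequence number 41 (from `S41shorewall`) are taken from the message.

```shell
#!/bin/sh
# Added example: compare init start order using RCDLINKS values.
# Values below are the ones quoted in the message above.
IPSEC_OLD='0,K19 1,K19 2,S21 3,S21 4,S21 5,S21 6,K19'   # as packaged
IPSEC_NEW='0,K19 1,K19 2,S42 3,S42 4,S42 5,S42 6,K19'   # after the change
SHOREWALL_SEQ=41                                        # from S41shorewall

# Print the start sequence number for one runlevel, e.g. "21" for
# runlevel 2 of IPSEC_OLD. Returns 1 if the service has no S-link
# (is not started) in that runlevel.
start_seq() {
    links=$1
    level=$2
    for entry in $links; do
        rl=${entry%%,*}        # runlevel part, before the comma
        action=${entry#*,}     # S<nn> or K<nn>, after the comma
        case "$rl,$action" in
            "$level",S[0-9]*) echo "${action#S}"; return 0 ;;
        esac
    done
    return 1
}

# Succeed when the service described by $1 starts strictly after the
# sequence number $2 in runlevel $3. Returns 2 if it is not started.
starts_after() {
    a_seq=$(start_seq "$1" "$3") || return 2
    [ "$a_seq" -gt "$2" ]
}

# Print a one-line verdict for runlevel 2, the only runlevel for which
# the message gives shorewall's sequence number.
report() {
    if starts_after "$2" "$SHOREWALL_SEQ" 2; then
        echo "$1: ipsec (S$(start_seq "$2" 2)) starts after shorewall (S$SHOREWALL_SEQ)"
    else
        echo "$1: ipsec does not start after shorewall (S$SHOREWALL_SEQ)"
    fi
}

report "packaged RCDLINKS" "$IPSEC_OLD"
report "modified RCDLINKS" "$IPSEC_NEW"
```
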
