On Thu, Jan 04, 2007 at 08:46:24PM -0700, Joshua Perry wrote:
> -GRE/IPSec is pretty industry standard at this point, our Cisco gear
> supports it, our Watchguard supports it, so if I needed to I would be able
> to support something besides a remote pc host.

This is possibly the only good reason for using IPsec for something -
compatibility with stuff like Cisco kit. So maybe you do have reason
for the pain. It's still not a reason to use GRE (that's intended for
a provider-client relationship, where the client doesn't know about
the guts of the provider's network). IPsec alone would probably
suffice.

> So, I guess this may overall be a configuration that is not supported by
> Shorewall.  If that is the case I guess I have the options of managing the
> chains by hand or using OpenVPN instead of GRE over IPSec.

Oh, you can almost certainly get it to work with Shorewall - it's just
needlessly difficult to understand and debug the thing. The issue is
not whether it's possible, but whether it's worth the effort.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
