On Thu, Jan 04, 2007 at 08:46:24PM -0700, Joshua Perry wrote:
> -GRE/IPSec is pretty industry standard at this point, our cisco gear
> supports it, our Watchguard supports it, so if I needed to I would be able
> to support something besides a remote pc host.

This is possibly the only good reason for using ipsec for something - compatibility with stuff like cisco kit. So maybe you do have reason for the pain. It's still not a reason to use GRE (that's intended for a provider-client relationship, where the client doesn't know about the guts of the provider's network). ipsec alone would probably suffice.

> So, I guess this may overall be a configuration that is not supported by
> shorewall. If that is the case I guess I have the options of managing the
> chains by hand or using OpenVPN instead of GRE over IPSec.

Oh, you can almost certainly get it to work with shorewall - it's just needlessly difficult to understand and debug the thing. The issue is not whether it's possible, but whether it's worth the effort.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
