Hi list,

I have a problem creating an IPsec connection.

Here is my description:
I have two locations with Shorewall (3.2.9) firewalls.

location a: 172.31.0.0/20  - SUSE 10.2 - kernel 2.6.18.2-34-default - Policy Match: Available - eth2=wan - eth0=lan

location b: 172.31.16.0/20 - SUSE 10.0 - kernel 2.6.13-15.13-default - Policy Match: Available - dsl0=wan - eth1=lan

So far they both work fine. Now I want to connect them by IPsec.
I configured racoon.
In /var/log/messages I can see 2 lines:
        Feb 23 12:11:46 fw racoon: INFO: IPsec-SA established: ESP/Tunnel 213.23.xxx.xxx[0]->87.139.xxx.xxx[0] spi=6115338(0x5d500a)
        Feb 23 12:11:46 fw racoon: INFO: IPsec-SA established: ESP/Tunnel 87.139.xxx.xxx[0]->213.23.xxx.xx[0] spi=152085169(0x910a2b1)


In Shorewall I used this config:

/etc/shorewall/tunnels
location a:
ipsec           net     87.139.xxx.xxx
location b:
ipsec           net     213.23.xxx.xxx


/etc/shorewall/zones
location a:
vpnb    ipv4
net     ipv4
fw      firewall
loc     ipv4
location b:
vpna    ipv4
net     ipv4
fw      firewall
loc     ipv4

/etc/shorewall/hosts
location a:
vpnb    eth2:172.31.0.0/20,87.139.xxx.xxx       ipsec
location b:
vpna    dsl0:172.31.16.0/20,213.23.xxx.xxx      ipsec

/etc/shorewall/masq
location a:
eth2    eth0
location b:
dsl0    eth1


If I ping from a LAN client (location a) to a LAN client (location b) I get this:

Feb 23 13:09:31 fw kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth2 SRC=172.31.10.2 DST=172.31.29.13 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=9068 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=27136



What is wrong here?

Kind regards,
Peter

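The first thing to check on a `Shorewall:FORWARD:DROP` line like the one above is which zone, if any, the packet's SRC and DST resolve to under the posted /etc/shorewall/hosts entries, since traffic that should enter an ipsec zone is only accepted when both the interface and the address range of a hosts entry match. The following triage script is an added example, not part of the original post and not Shorewall's own tooling: it parses the kernel log line into its fields and checks each address against the hosts entries for location a. The log line and hosts entries are constructed from the post; 192.0.2.1 is a placeholder for the masked public address 87.139.xxx.xxx.

```python
"""Triage helper (added example): parse a Shorewall kernel log line and map its
SRC/DST to the zones defined by /etc/shorewall/hosts-style entries."""
import ipaddress
import re

# Constructed sample: the FORWARD:DROP line quoted in the post.
SAMPLE_LOG = (
    "Feb 23 13:09:31 fw kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth2 "
    "SRC=172.31.10.2 DST=172.31.29.13 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=9068 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=27136"
)

# Constructed hosts entries for location a, as posted:
# (zone, interface, host list, options). 192.0.2.1 stands in for the
# masked public address 87.139.xxx.xxx.
HOSTS_A = [
    ("vpnb", "eth2", ["172.31.0.0/20", "192.0.2.1"], "ipsec"),
]

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")


def parse_shorewall_log(line):
    """Return chain, disposition and the KEY=value fields of a Shorewall
    kernel log line, or None if the line is not a Shorewall log entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            # ID= appears twice (IP header id, then ICMP id); keep the first.
            fields.setdefault(key, value)
    return {"chain": m.group("chain"), "disposition": m.group("disp"), **fields}


def zones_for(address, interface, hosts):
    """Zones whose hosts entry covers `address` arriving/leaving on `interface`.
    A hosts entry matches only when both the interface and one of its
    networks (or single addresses, treated as /32) contain the address."""
    addr = ipaddress.ip_address(address)
    matches = []
    for zone, iface, nets, _opts in hosts:
        if iface != interface:
            continue
        if any(addr in ipaddress.ip_network(n, strict=False) for n in nets):
            matches.append(zone)
    return matches


def triage(line, hosts):
    """Explain a logged packet: which hosts-defined zones its SRC (on IN)
    and DST (on OUT) fall into. Empty lists mean no hosts entry applies,
    so the address is handled by the interface's default zone instead."""
    rec = parse_shorewall_log(line)
    if rec is None:
        return None
    return {
        "chain": rec["chain"],
        "disposition": rec["disposition"],
        "src": rec["SRC"],
        "dst": rec["DST"],
        "src_zones": zones_for(rec["SRC"], rec["IN"], hosts),
        "dst_zones": zones_for(rec["DST"], rec["OUT"], hosts),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, HOSTS_A))
```

Run against the posted line and the location-a hosts entry, the script reports an empty `dst_zones`: 172.31.29.13 is outside 172.31.0.0/20, so the packet leaving on eth2 is not classified into the vpnb zone and falls through to the default net zone policy for FORWARD.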

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users