I am trying to set up a single PC (no LAN) as a VPN
client, using shorewall and racoon under Debian 4
(kernel 2.6.18). The PC is connected to a cable modem
on eth0. I am finding that I can not even ping any
addresses on the remote LAN - the trace in
/var/log/messages does not show any communication with
the VPN gateway when I attempt it.
No errors are reported during the startup of
shorewall. Running "shorewall show messages" gives the
error:
iptables: No chain/target/match by that name
However running "shorewall check" does not find any
problems with my kernel configuration. There is no
entry in the routing tables for the VPN gateway or
remote LAN.
My shorewall configuration is:

/etc/shorewall/tunnels:
ipsec:noah  net  80.168.19.2

/etc/shorewall/hosts:
#ZONE  HOST(S)            OPTIONS
vpn    eth0:192.0.2.0/24

/etc/shorewall/interfaces:
#ZONE  INTERFACE  BROADCAST  OPTIONS
vpn    ipsec0
net    eth0       detect     dhcp

/etc/shorewall/zones:
fw   firewall
vpn  ipv4      proto=esp,mode=tunnel
net  ipv4

/etc/shorewall/policy:
#SOURCE  DEST  POLICY  LOG    LIMIT:BURST
#                      LEVEL
$FW      vpn   ACCEPT  info
vpn      $FW   ACCEPT  info
vpn      net   ACCEPT  info
$FW      net   ACCEPT  info
net      all   DROP    info
all      all   REJECT  info

/etc/shorewall/rules:
#ACTION  SOURCE           DEST             PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#                                                 PORT(S)  PORT(S)  DEST      LIMIT  GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT   $FW              vpn:80.168.19.2  udp    500
ACCEPT   vpn:80.168.19.2  $FW              udp    500
ACCEPT   $FW              vpn:80.168.19.2  50
ACCEPT   vpn:80.168.19.2  $FW              50
ACCEPT   $FW              vpn:80.168.19.2  51
ACCEPT   vpn:80.168.19.2  $FW              51
Is there anything wrong with this configuration?
Could there be another problem? Any help would be
appreciated.
Daniel
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users