Tom Eastep wrote:
On Fri, 2007-08-24 at 18:35 +0200, Philipp Rusch wrote:

53 IPSec-zones. If I reduce the number of those ipsec entries, the script compiles ok, and shorewall is running fine. Is there an elegant way to reduce my number of ipsec zones?
All remote ipsec-vpn-sides should be treated equal, there are exactly
the same policies and rules for all of them.
Any hint would be great.

How are you defining your IPSEC zones in the current configuration?

-Tom
------------------------------------------------------------------------
I will give you my config files with the reduced number of ipsec tunnels. This runs at this moment.
As already said there should be 40+ more tunnels ....

Thanks in advance for your time.  :-)

--

Best regards,
Philipp Rusch

#
# Shorewall version 3.4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
n01     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
n02     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f01     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f03     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f04     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f05     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f06     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f08     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f10     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f12     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f13     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f54     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f55     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
f56     ipsec           mode=tunnel     mss=1350,proto=esp      mss=1350,proto=esp
net     ipv4
loc     ipv4
vpn1    ipv4
vpn2    ipv4
vpn3    ipv4
vpn4    ipv4
vpn5    ipv4
vpn6    ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
#
# Shorewall version 3.4 - Hosts file
#
# For information about entries in this file, type "man shorewall-hosts"
#
# For additional information, see http://shorewall.net/Documentation.htm#Hosts
#
###############################################################################
#ZONE   HOST(S)                                 OPTIONS
n01     eth1:192.168.246.0/24                   ipsec
n02     eth1:192.168.128.0/24                   ipsec
f01     eth1:172.30.1.0/24                      ipsec
f03     eth1:172.30.3.0/24                      ipsec
f04     eth1:172.30.4.0/24                      ipsec
f05     eth1:172.30.5.0/24                      ipsec
f06     eth1:172.30.6.0/24                      ipsec
f08     eth1:172.30.8.0/24                      ipsec
f10     eth1:172.30.10.0/24                     ipsec
f12     eth1:172.30.12.0/24                     ipsec
f13     eth1:172.30.13.0/24                     ipsec
f54     eth1:172.30.54.0/24                     ipsec
f55     eth1:172.30.55.0/24                     ipsec
f56     eth1:172.30.56.0/24                     ipsec
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
#
# Shorewall version 3.4 - Tunnels File
#
# For information about entries in this file, type "man shorewall-tunnels"
#
# See http://shorewall.net/Documentation.htm#Tunnels for additional
# information.
#
###############################################################################
#TYPE                   ZONE    GATEWAY         GATEWAY
#                                               ZONE

openvpnserver:7777      net     0.0.0.0/0
openvpnserver:7778      net     0.0.0.0/0
openvpnserver:7779      net     0.0.0.0/0
openvpnserver:7780      net     0.0.0.0/0
openvpnserver:7781      net     0.0.0.0/0
openvpnserver:7782      net     0.0.0.0/0
ipsec                   net     212.168.178.226         #N01
ipsec                   net     212.168.168.56          #N02
ipsec                   net     80.152.176.144          #F01
ipsec                   net     80.152.175.78           #F03
ipsec                   net     80.152.174.93           #F04
ipsec                   net     80.152.176.102          #F05
ipsec                   net     80.152.175.7            #F06
ipsec                   net     80.152.176.145          #F08
ipsec                   net     80.152.175.74           #F10
ipsec                   net     80.152.168.84           #F12
ipsec                   net     80.152.175.79           #F13
ipsec                   net     80.152.175.89           #F54
ipsec                   net     80.152.179.34           #F55
ipsec                   net     80.152.175.73           #F56
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
