On Fri, 2007-08-24 at 18:57 +0200, Philipp Rusch wrote: > Tom Eastep schrieb: > > On Fri, 2007-08-24 at 18:35 +0200, Philipp Rusch wrote: > > > > > > > 53 IPSec-zones. > > > If I reduce the number of those ipsec entries, the script compiles ok, > > > and shorewall is running fine. > > > Is there an elegant way to reduce my number of ipsec zones ? > > > All remote ipsec-vpn-sides should be treated equal, there are exactly > > > the same > > > policies and rules for all of them. > > > Any hint would be great. > > > > > > > How are you defining your IPSEC zones in the current configuration? > > > > -Tom > > > > > > ____________________________________________________________________ > I will give you my config files with the reduced number of ipsec > tunnels. This runs at this moment. > As already said there should be 40+ more tunnels ....
Why don't you just make one zone: /etc/shorewall/zones: tuns ipsec mode=tunnel mss=1350,proto=esp mss=1350,proto=esp /etc/shorewall/hosts: tuns eth1:0.0.0.0/0 -Tom
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
