Finally have a shorewall 4.0.5 system running with multiple isps and ipsec vpns.
Looking good so far :-)

Have a few questions. I have the following in start:

    ip rule delete prio 200 table 200
    ip route del table 200
    ip route add 192.168.0.0/16 via 192.168.2.254 dev eth0 table 200
    ip rule add prio 200 table 200

192.168.0.0/16 is the net of all the vpns.
192.168.2.254 is the ip of the local network interface.

This allows outgoing traffic to the vpn from the firewall. Is there a shorewall way to do this?

Next are not really shorewall issues, but related.

In debian etch they start openswan ipsec in rcS.d. This starts ipsec before bind. Rather annoying in this case, as the box is the master dns for the domain and it seems silly to use IPs.

I have been concerned about maintaining qos through the vpns. From what I'm seeing, the ESP packets get the tos of the original packets. That saves a lot of problems. I'm thinking of doing vpn as gre through ipsec. Will this still happen?

Thanks
John

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
