PROBLEM: Shorewall gives the following log message, and no traffic will pass through the VPN. This is an attempt to ping a PC on the other side of the VPN endpoint.

Jan 12 13:48:41 localhost Shorewall:FORWARD:REJECT:IN=eth2 OUT=ipsec0 SRC=192.168.1.xxx DST=192.168.5.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=42007 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=39424

I am configuring a Linux firewall to act as a VPN endpoint. The
remote endpoints are all commercial VPN routers.
I have a Debian Etch base install { debian_version = 4 }
I have Openswan installed { Linux Openswan 2.4.6 (klips) }
- I have recompiled the kernel to include KLIPS modular support
{kernel = 2.6.18-i686}
- I have also compiled the KLIPS module for Openswan
I am using the debian shorewall package { Shorewall-3.2.6 }
I have attempted previously to configure everything the "new" way,
using the vanilla Debian kernel and following all the documentation.
However, the documentation was so outdated and scrambled that I was not
able to get anywhere with even basic troubleshooting. I am also much
more familiar with the Freeswan implementation (which this whole thing
is an upgrade for), so I reconfigured Debian to support an ipsec+
interface. The VPN side of everything was easy (even using racoon)
and has never been a problem. Getting Shorewall to play nice with
VPNs seems to be my only hanging point.
Any help would be greatly appreciated.
status.txt.gz
Description: GNU Zip compressed data
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
