On 01/20/2012 12:35 PM, Chris Morley wrote:
> Thanks for the reply Tom.
>
> Although I can connect internally to the L2TP server running on the
> firewall, all external attempts do not work. I have checked and double
> checked the procedure as below:
>
> 1) vpn added to zones:
> #ZONE TYPE
> vpn ipsec
> l2tp ipv4
> net ipv4
> loc ipv4
> fw firewall
>
> 2) interfaces specified:
> #ZONE INTERFACE BROADCAST OPTIONS
> net ppp0 - dhcp,tcpflags,nosmurfs,logmartians
> loc eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians
> l2tp ppp+ -
>
With those definitions, the 'net' zone is a sub-zone of the 'l2tp' zone; but 'l2tp' is listed first, which means that l2tp's rules get applied to traffic entering ppp0 rather than net's. Reverse the order of the zone declarations and see if things don't improve.

-Tom
--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
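To make the ordering rule Tom describes checkable, here is an added Python lint (not part of the thread, and not Shorewall's own code) that parses the two tables quoted above, embedded inline as constructed sample input, and flags any zone whose concrete interface is also matched by the wildcard interface of a zone listed earlier in the zones file.

```python
# Constructed copies of the two Shorewall tables from the thread above
# (added illustration, not Shorewall's own code).
ZONES = """\
#ZONE   TYPE
vpn     ipsec
l2tp    ipv4
net     ipv4
loc     ipv4
fw      firewall
"""

INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        -           dhcp,tcpflags,nosmurfs,logmartians
loc     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians
l2tp    ppp+        -
"""

def parse_table(text):
    """Return the non-comment rows of a Shorewall table as lists of fields."""
    rows = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def matches(pattern, iface):
    """Shorewall wildcard: a trailing '+' matches any interface with that prefix."""
    if pattern.endswith('+'):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def shadowed_zones(zones_text, interfaces_text):
    """Return (specific_zone, wildcard_zone, iface, pattern) for every concrete
    interface that a wildcard of an *earlier-listed* zone also matches. Per the
    reply above, the first-listed zone's rules are applied to that traffic, so
    the specific zone's rules never see it."""
    order = {row[0]: n for n, row in enumerate(parse_table(zones_text))}
    ifaces = [(row[0], row[1]) for row in parse_table(interfaces_text)]
    hits = []
    for zone_a, iface in ifaces:
        for zone_b, pattern in ifaces:
            if zone_a == zone_b or not pattern.endswith('+'):
                continue
            if matches(pattern, iface) and order[zone_b] < order[zone_a]:
                hits.append((zone_a, zone_b, iface, pattern))
    return hits

if __name__ == "__main__":
    for specific, wildcard, iface, pattern in shadowed_zones(ZONES, INTERFACES):
        print(f"'{specific}' ({iface}) is shadowed by '{wildcard}' ({pattern}): "
              f"list '{specific}' before '{wildcard}' in the zones file")
```

Swapping the `net` and `l2tp` rows in the zones table makes the check report nothing, which is the fix suggested in the reply.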
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
