On 1/5/2014 1:58 PM, Tom Eastep wrote:
> On 1/5/2014 1:39 PM, Axel Zöllich wrote:
>>> Looks like you don't have the tunnel defined in /etc/shorewall/tunnels.
>>
>> The difference in the generated iptables is:
>> ACCEPT esp -- anywhere 212.117.77.202
>> ACCEPT udp -- anywhere 212.117.77.202 udp dpt:isakmp ctstate NEW
>>
>> ACCEPT esp -- 212.117.77.202 anywhere
>> ACCEPT udp -- 212.117.77.202 anywhere udp dpt:isakmp ctstate NEW
>>
>> With these rules in "rules" I shouldn't need "tunnels" any more, should I?
>>
>>
>> But why did it work until refresh without these rules?

It probably worked without the rule because the firewall initiated the key
exchange. If the remote gateway initiates key exchange, it won't work.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
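
The behaviour described in the reply above, as a toy connection-tracking model (an added example, not part of the original thread and not Shorewall or netfilter code). The firewall address and the ACCEPT fw->net / DROP net->fw policies are assumptions; the peer address and the inbound rules are taken from the iptables output quoted in the thread.

```python
# Toy stateful filter: shows why IKE works when the firewall initiates but
# not when the remote gateway does, unless the tunnel rules are present.
PEER = "212.117.77.202"   # remote gateway address from the thread
FW = "198.51.100.1"       # constructed firewall address (documentation range)

# Inbound rules matching the quoted iptables output for the tunnel.
TUNNEL_IN_RULES = [
    {"src": PEER, "proto": "udp", "dport": 500},   # udp dpt:isakmp ctstate NEW
    {"src": PEER, "proto": "esp", "dport": None},  # ESP has no ports
]

class Firewall:
    def __init__(self, in_rules=()):
        self.in_rules = list(in_rules)
        self.flows = set()  # tracked flows, keyed independently of direction

    @staticmethod
    def _key(src, dst, proto, sport, dport):
        # Both directions of a flow map to the same key, like a conntrack entry.
        return (proto, frozenset([(src, sport), (dst, dport)]))

    def outbound(self, dst, proto, sport=None, dport=None):
        # Assumption: fw -> net policy is ACCEPT, so the firewall may initiate.
        self.flows.add(self._key(FW, dst, proto, sport, dport))
        return "ACCEPT"

    def inbound(self, src, proto, sport=None, dport=None):
        key = self._key(src, FW, proto, sport, dport)
        if key in self.flows:
            return "ACCEPT (ESTABLISHED)"  # reply to a flow we already track
        for r in self.in_rules:
            if (r["src"], r["proto"], r["dport"]) == (src, proto, dport):
                self.flows.add(key)
                return "ACCEPT (NEW)"
        return "DROP"  # assumption: net -> fw policy is DROP

def firewall_initiates(in_rules=()):
    fw = Firewall(in_rules)
    fw.outbound(PEER, "udp", 500, 500)         # our IKE packet creates state
    return fw.inbound(PEER, "udp", 500, 500)   # peer's answer

def peer_initiates(in_rules=()):
    return Firewall(in_rules).inbound(PEER, "udp", 500, 500)

if __name__ == "__main__":
    print("firewall initiates, no rules:", firewall_initiates())
    print("peer initiates, no rules:    ", peer_initiates())
    print("peer initiates, tunnel rules:", peer_initiates(TUNNEL_IN_RULES))
```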
