Thanks! It works now.

Config files:

/etc/shorewall/interfaces
-       lo      ignore
net     eth0    dhcp,optional,routefilter
l2tp    ppp0

/etc/shorewall/tunnels
ipsec   net     xx.xx.xx.xx     vpn
(where xx.xx.xx.xx - "white" ip of IPSEC/L2TP server)

/etc/shorewall/zones
fw      firewall
net     ipv4
vpn     ipsec   mode=transport
l2tp    ipv4

/etc/shorewall/hosts
vpn     eth0:0.0.0.0/0

/etc/shorewall/policy
$FW     all     ACCEPT
vpn     net     NONE
net     vpn     NONE
l2tp    all     ACCEPT
net     all     DROP    info
all     all     REJECT  info

2015-06-19 19:40 GMT+03:00 Tom Eastep <[email protected]>:

> On 6/17/2015 12:01 PM, Иван Иванов wrote:
>
> > 2015-06-17 18:55 GMT+03:00 Tom Eastep <[email protected]>:
>
> Shorewall documentation says:
> " ZONE - zone
> The zone of the physical interface through which tunnel traffic
> passes.
> This is normally your internet zone."
> I think this means "net" zone.
>
> Yes -- my bad.
>
> You must remove the 'physical=+' option from the net zone. And since the
> default route is out of eth0, you can also delete the 'routefilter' option.
>
> -Tom
>
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
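The ZONE-column rule quoted from the Shorewall documentation in this thread, turned into a consistency check over the posted files. This is an added example, not part of the original messages and not Shorewall's own code; the names POSTED, rows and check_tunnels are hypothetical, and the hosts-entry check is an assumption drawn from the layout posted above.

```python
# Constructed sample: the files as posted in the message above.
POSTED = {
    "interfaces": "- lo ignore\nnet eth0 dhcp,optional,routefilter\nl2tp ppp0\n",
    "tunnels": "ipsec net xx.xx.xx.xx vpn\n",
    "zones": "fw firewall\nnet ipv4\nvpn ipsec mode=transport\nl2tp ipv4\n",
    "hosts": "vpn eth0:0.0.0.0/0\n",
}


def rows(text):
    """Split a Shorewall-style file into column lists, skipping comments and blanks."""
    stripped = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols for cols in stripped if cols]


def check_tunnels(cfg):
    """Return a list of problems found in the tunnels file (hypothetical helper)."""
    zone_type = {r[0]: r[1] for r in rows(cfg["zones"])}
    iface_zones = {r[0] for r in rows(cfg["interfaces"]) if r[0] != "-"}
    host_zones = {r[0] for r in rows(cfg["hosts"])}
    problems = []
    for r in rows(cfg["tunnels"]):
        if len(r) < 3:
            problems.append(f"tunnels: short entry {' '.join(r)!r}")
            continue
        ttype, zone, gateway = r[:3]
        gw_zones = r[3].split(",") if len(r) > 3 else []
        # ZONE column: the zone of the physical interface carrying tunnel traffic.
        if zone not in iface_zones or zone_type.get(zone) == "ipsec":
            problems.append(f"{ttype} {gateway}: ZONE {zone!r} is not an interface zone")
        for gz in gw_zones:
            if gz not in zone_type:
                problems.append(f"{ttype} {gateway}: gateway zone {gz!r} is undeclared")
            # Assumption taken from the posted layout: an ipsec zone gets its
            # members from the hosts file, so it needs an entry there.
            elif zone_type[gz] == "ipsec" and gz not in host_zones:
                problems.append(f"{ttype} {gateway}: ipsec zone {gz!r} has no hosts entry")
    return problems


if __name__ == "__main__":
    for problem in check_tunnels(POSTED) or ["tunnels file is consistent"]:
        print(problem)
```

Putting the ipsec zone itself in the ZONE column (for instance `ipsec vpn xx.xx.xx.xx vpn`) is reported as a problem, while the files as posted pass.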
