Hi there,

The configurations below work for me. It is a road warrior setup where all traffic 
is routed through the responder/ShoreWall router. The interface to the internet is 
eth1. Hope it will help.

hosts

#ZONE   HOST(S)                                 OPTIONS
vpn     eth1:192.168.75.0/24                        ipsec
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE

interfaces

#disabled due to routefilter may not be compatible with ipsec
#net     eth1            detect          tcpflags,dhcp,routefilter,nosmurfs,logmartians,blacklist
net     eth1            detect          tcpflags,dhcp,nosmurfs,logmartians,blacklist

masq

#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth1                    192.168.75.0/24

policy

#
# Policies for traffic originating from the VPN zone (vpn)
#
vpn            net             ACCEPT
vpn            loc1            ACCEPT
vpn            all             REJECT          info

rules

#
# Section where connections from the vpn network are regulated
#

Web/ACCEPT          vpn    dmz:192.168.7.7
DNS/ACCEPT          vpn    dmz:192.168.7.5
Submission/ACCEPT   vpn    dmz:192.168.7.7
SMTPS/ACCEPT        vpn    dmz:192.168.7.7
IMAP/ACCEPT         vpn    dmz:192.168.7.7
IMAPS/ACCEPT        vpn    dmz:192.168.7.7

tunnels

Should be ignored (Check <http://www.shorewall.net/VPNBasics.html#tunnels>), 
but used for quick&dirty.

#TYPE                   ZONE    GATEWAY         GATEWAY
#                                               ZONE
ipsecnat                net     0.0.0.0/0       vpn

zones

#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS 
vpn     ipsec           mode=tunnel,mss=1360




Grtz,

Stefan
I cna tyep 300 wrods pet miunte!

> On 6 Dec 2017, at 12:20, Jason Timmins <ja...@mbmltd.co.uk> wrote:
> 
> <snat>

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
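
Added example, not part of the message above and not Shorewall code: a small Python check built on the post's comment that routefilter may not be compatible with ipsec. It reports any interface that has an ipsec entry in hosts while routefilter is still enabled in interfaces. The function names are hypothetical, the sample strings are constructed from the lines in the post, and the interfaces file is assumed to use the ZONE INTERFACE BROADCAST OPTIONS column layout shown there.

```python
def _entries(text):
    """Yield the whitespace-split columns of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def _has_routefilter(options):
    """True if the option list enables routefilter (bare or with a non-zero value)."""
    for opt in options.split(","):
        name, _, value = opt.partition("=")
        if name == "routefilter" and value != "0":
            return True
    return False

def ipsec_interfaces(hosts_text):
    """Interfaces named in hosts entries whose OPTIONS column includes ipsec."""
    found = set()
    for cols in _entries(hosts_text):
        if len(cols) >= 3 and "ipsec" in cols[2].split(","):
            found.add(cols[1].split(":", 1)[0])  # "eth1:192.168.75.0/24" -> "eth1"
    return found

def routefilter_conflicts(hosts_text, interfaces_text):
    """Sorted interfaces that carry an ipsec hosts entry and still set routefilter."""
    ipsec_ifs = ipsec_interfaces(hosts_text)
    hits = set()
    for cols in _entries(interfaces_text):
        if len(cols) >= 4 and cols[1] in ipsec_ifs and _has_routefilter(cols[3]):
            hits.add(cols[1])
    return sorted(hits)

# Constructed samples based on the lines in the post.
HOSTS = "vpn     eth1:192.168.75.0/24     ipsec\n"
IFACES_POSTED = (
    "#net eth1 detect tcpflags,dhcp,routefilter,nosmurfs,logmartians,blacklist\n"
    "net  eth1 detect tcpflags,dhcp,nosmurfs,logmartians,blacklist\n"
)
IFACES_BEFORE = "net eth1 detect tcpflags,dhcp,routefilter,nosmurfs,logmartians,blacklist\n"

if __name__ == "__main__":
    print("posted config:", routefilter_conflicts(HOSTS, IFACES_POSTED))
    print("before change:", routefilter_conflicts(HOSTS, IFACES_BEFORE))
```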