On 1/17/2021 5:07 PM, Alex wrote: > Hi, > I sent a similar message a few weeks ago, but I'm still having a > problem that I can't figure out. I have a fedora32 system with a > libreswan IPsec server with shorewall-5.2.3.5 and having some trouble > configuring it to support connections from a WIndows IPSec VPN. The > Windows client connects properly, but it cannot communicate with the > local network. >
With the little time that I have, I will focus my attention on Shorewall bugs and will not be able to help beyond that. Note that the other members of the SPC are also lacking time for the project. > I already have a host-to-gateway VPN using libreswan between this > server and another Linux host working properly, but the Windows client > is configured differently with libreswan so it needs to connect to a > different network. > > What more info can I provide to help troubleshoot this? Is this > perhaps a routing problem? Perhaps a shorewall policy issue? What > could I be missing? I've printed my routing table below. > See (1). > The network looks like this: > Internet -> orion (68.195.111.42) -> internal network 1 (192.168.1.0/24) > -> internal > network 2 (192.168.6.0/24) > > internal network 2 is the network used for the Windows clients. I'd > like to be able to connect these clients to the internal network 1. I > can currently ping the internal network 2 from a Windows client > connected to the libreswan server. > > When trying to ping the internal network 1 from the Windows client, > there is no response, and using tcpdump appears to show no traffic. > > The external interface on the server is br0 and the internal network 2 > is on eth1:2. Is it necessary to add the eth1:2 interface (or just > eth1) to the hosts file for the VPN? > See (2). 1) https://shorewall.org/troubleshoot.htm 2) https://shorewall.org/Shorewall_and_Aliased_Interfaces.html -- Matt Darfeuille <m...@shorewall.org> Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
