On Saturday 09 August 2003 14:11, Ian Dale wrote:
> I have a linux box (Red Hat 8 2.4.18-14) configured with Shorewall firewall
> (v1.4.5) and Freeswan ipsec (v2.01). The box has three NICs [loc(eth0),
> net(eth1), dmz(eth2)] all assigned static IP addresses. The internet
> connection is ADSL.

*snip*

> I've configured the box to work as a firewall/router with NAT which works
> fine. PCs on LAN1 can access the internet with no problem. IPSEC has been
> configured to provide a VPN between LAN1 and LAN2. When I enable freeswan
> IPSEC, PCs on LAN1 can access PCs on LAN2 fine, but they cannot access
> the internet.

Easiest solution: turn off Opportunistic Encryption. Policy Groups are
enabled by default in the 2.x series; the resulting change in routing is
probably causing your firewall to drop packets. In any case, you don't need
it for your VPN setup.

http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/policygroups.html#disable_policygroups

-- 
Sam Sgro
[EMAIL PROTECTED]

_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
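One way to check whether Opportunistic Encryption is actually off, as an added example that is not part of the original message or FreeS/WAN's own code. It assumes the six implicit policy-group conn names of FreeS/WAN 2.x and the `auto=ignore` override; the sample config, tunnel name and addresses are constructed, and the parser is a simplified reading of ipsec.conf.

```python
# Implicit policy-group conns loaded by default in FreeS/WAN 2.x (assumption;
# confirm the names against the policy groups document for your version).
OE_CONNS = ("block", "private", "private-or-clear",
            "clear-or-private", "clear", "packetdefault")

# Constructed sample: a LAN1<->LAN2 tunnel with OE only partly disabled.
SAMPLE = """\
config setup
    interfaces=%defaultroute
conn lan1-lan2          # constructed tunnel name
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    right=203.0.113.10
    rightsubnet=192.168.2.0/24
    auto=start
conn block
    auto=ignore
conn private
    auto=ignore
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} (simplified ipsec.conf parsing)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                 # section header line
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def active_oe_conns(text):
    """Policy-group conns that are not overridden with auto=ignore."""
    conns = parse_conns(text)
    return [n for n in OE_CONNS if conns.get(n, {}).get("auto") != "ignore"]

def disable_stanzas(names):
    """ipsec.conf text that switches the named conns off."""
    return "".join(f"conn {n}\n    auto=ignore\n" for n in names)

if __name__ == "__main__":
    missing = active_oe_conns(SAMPLE)
    print("still active:", missing)
    print(disable_stanzas(missing), end="")
```

Appending the printed stanzas to ipsec.conf and restarting IPsec leaves only the explicit tunnel loaded; the explicit VPN conn is untouched by the check.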
