[Vuurmuur-users] IPSec tunnel (not pass-through) and Vuurmuur

Wed, 13 Jul 2011 06:31:04 -0700 

Hi

I have a trouble with ipsec tunnel (not pass-through) and vuurmuur.

10.10.0.1 <-- vuurmuur fw --> 212.98.16*.* < --- internet ---> 80.249.8*.*
<-- adsl router --> 192.168.1.1

                 <----------------------------------------------->
                                                               ipsec tunnel

Without Vuurmuur all OK

setkey -f /etc/setkey.conf && racoon -v -d -f /etc/racoon/racoon.conf

route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.10.0.1

Test:
>From Vuurmuur FW: ping 192.168.1.1 - OK
>From ADSL router: ping 10.10.0.1 - OK

But after install and configure Vuurmuur ping over tunnel don't work

interfaces: inet_iface eth0 212.98.16*.*
                lan_iface eth1 10.10.0.1

services: ipsec -
                       UDP:500
                       UDP:4500
                       AH:
                       ESP:

zones: inet.internet (0.0.0.0/0.0.0.0), interface: inet_iface
           main.lan (10.10.0.0/24), interface: lan_iface
           branche.lan (192.168.1.0/24) interface: lan_iface

rules:
any | internet to firewall (any)
any | firewall (any) to internet

any | firewall (any) to branche.lan
any | branche.lan to firewall (any)
any | main.lan to branche.lan
any | branche.lan to main.lan

Test:
>From Vuurmuur FW: ping 192.168.1.1 - nothing
>From ADSL router: ping 10.10.0.1 - nothing

in log racoon:
2011-07-11 17:40:53: INFO: IPsec-SA established: ESP/Tunnel
80.249.8*.*[0]->212.98.16*.*[0] spi=67667205(0x4088505)
2011-07-11 17:40:59: INFO: IPsec-SA established: ESP/Tunnel
212.98.16*.*[500]->80.249.8*.*[500] spi=128975639(0x7b00317)

Tunnel is UP but ping don't work

in Log Vuurmuur:
Jul 11 17:23:51: ACCEPT ipsec 80.249.8*.* -> firewall(inet_iface) (in: eth0
80.249.8*.*(00:1e:14:01:*:*):500 -> 212.98.16*.*(00:0c:29:b2:*:*):500 UDP
len:108 ttl:61)
Jul 11 17:23:56: ACCEPT ping firewall(lan_iface) -> 192.168.1.1 (out: eth0
10.10.0.1 -> 192.168.1.1 ICMP type 8 code 0 len:84 ttl:64)

In what may be the problem?

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users

Reply via email to