Stephen: Heya. Presuming that you're using one of the Dachstein versions, you need to do 3 things to get "passthru" IPSec masquerading to work:
1. As Charles said, you need to open UDP-500 and protocol (not port) 50. 2. You need to uncomment the "ip_masq_ipsec" line in /etc/modules, backup etc, and reboot. 3. You need to use the "ipfwd" utility to forward the IPSec connection across your firewall to your target machine. The traditional ipmasqadm utility only groks packet types of protocol 1 (ICMP), 6 (TCP), and 17 (UDP). If you get stuck, see the echowall.rules file, in the IPSEC section. cheers, Scott >>> Do you have an image that is setup to pass IPSEC or do I have to patch >>> in those modules and rules again. > > > >You're in luck. The Dachstein kernels come pre-patched for VPN-Masquerade, > >so all you have to do is load the modules, and open a couple ports to get > >IPSec masquerading working. > > Can you provide instructions on which modules to load and which ports to > open for IPSec masquerading to work ? _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user