Hello,

I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.

I have a LEAF Oxygen < 1.9 heavily modified firewall setup, using FreeSwan 1.91 and Kernel 2.4.8, modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall 1.1.11. I tried upgrading to a newer version of Shorewall, and things broke completely... The shell scripts do some things that BB ash doesn't like too much.

On the other end, I have an identical setup, with the shorewall rules simplified, since they don't have the DMZ and some of our other zones. They do however do IP Masq, where we actually have a Class C assigned to us (What can I say, I got it before they locked down :-)

I believe that the masking is where my problem is. The tunnel looks good when running the ipsec look command on both sides. When I ping/telnet to an "unrouted" IP for a machine on the other end, I see the ifconfig -ni RX-OK go up on the ipsec0 interface, and the TX-DROP also go up. I've looked for what causes this; all I can come up with is that the Masking is happening before it sends the traffic out the ipsec0 interface back to our location. I see the same thing happen on our side if I try to ping from our router to their address (the TX-DROP increments).

I tried the suggestions on the http://www.shorewall.net/IPSEC.htm page, but that didn't work.

Thanks for any help, sorry if the cross posts offend anybody.

Bill Suetholz

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
