I did the below, and restarted ipsec, and got an error about eth0, so I changed it back, then I started scanning the /var/log/syslog and noticed that port 500 was being denied:

Mar 9 14:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 66.25.18.71:500 66.25.44.147:500 L=204 S=0x00 I=31 F=0x0000 T=62 (#41)

now I modified was able to get this to stop being denied on one side, but I cannot do it on the home side. I have a feeling I am just one step away, can someone push me in the right direction...

joey

----- Original Message -----
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 5:46 PM
Subject: Re: [Leaf-user] ipsec errors

> > Where do I check to see if protocol 50 packets are being allowed through?
> > I'll be working more on it this weekend.. I'd really like to get this
> > working so I'll try just about anything.. even possibly step/by/step support
> > via phone (I'd beg someone to call my 800 number for a little assistance...
>
> The primary source is the output of "net ipfilter list", which shows you
> exactly how your firewall rules are set up. You're looking for a line
> allowing protocol 50, preferably with non-zero byte/packet counts:
>
> 1843 356K ACCEPT 50 ------ 0xFF 0x00 eth0 <snip>
>
> You open protocol 50 traffic with the following in network.conf:
> EXTERN_PROTO0="50 0/0"
>
> Of course, you can change the 0/0 (the entire internet) to the address (or
> network) of your remote VPN link, if it's static.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
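
The syslog check described in the message above, as an added example that is not part of the original thread: a Python script that scans ipchains "Packet log" lines for denied IKE (UDP port 500), ESP (protocol 50) and AH (protocol 51) packets and counts them per interface and peer. The function names are hypothetical, every sample line after the first is constructed, and the port-less form of the protocol 50 line is an assumption.

```python
import re
from collections import Counter

# ipchains "Packet log" entry, modeled on the syslog line quoted in the message.
# The port is optional because protocols such as ESP carry none (assumption).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>[A-Z]+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))? "
)

def ipsec_kind(proto, dport):
    """Name the IPsec traffic class of a packet, or None if unrelated."""
    if proto == 17 and dport == 500:
        return "IKE (UDP/500)"
    if proto == 50:
        return "ESP (protocol 50)"
    if proto == 51:
        return "AH (protocol 51)"
    return None

def blocked_ipsec(lines):
    """Count DENY/REJECT log entries that belong to an IPsec tunnel."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["verdict"] not in ("DENY", "REJECT"):
            continue
        kind = ipsec_kind(int(m["proto"]), int(m["dport"] or 0))
        if kind:
            hits[(m["iface"], kind, m["src"], m["dst"])] += 1
    return hits

# First line is the entry quoted in the message; the rest are constructed.
SAMPLE = [
    "Mar 9 14:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 66.25.18.71:500 66.25.44.147:500 L=204 S=0x00 I=31 F=0x0000 T=62 (#41)",
    "Mar 9 14:46:53 firewall kernel: Packet log: input DENY eth0 PROTO=17 66.25.18.71:500 66.25.44.147:500 L=204 S=0x00 I=32 F=0x0000 T=62 (#41)",
    "Mar 9 14:47:02 firewall kernel: Packet log: input DENY eth0 PROTO=50 66.25.18.71 66.25.44.147 L=136 S=0x00 I=40 F=0x0000 T=62 (#41)",
    "Mar 9 14:47:05 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.9:4431 66.25.44.147:23 L=60 S=0x00 I=7 F=0x4000 T=50 (#41)",
]

if __name__ == "__main__":
    for (iface, kind, src, dst), n in sorted(blocked_ipsec(SAMPLE).items()):
        print(f"{n:3d} x {kind} blocked on {iface}: {src} -> {dst}")
```

Running it on each gateway's syslog shows which side is still dropping which half of the tunnel traffic, key exchange on UDP 500 or the encrypted payload on protocol 50.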