> Thank you very Charles, I will modify the RSA key in the config when I
> get home.
>
> In the network.conf I have
>
> EXTERN_PROTO0="50 0/0"
> EXTERN_PROTO1="51 0/0"
>
> and
>
> EXTERN_UDP_PORTS="0/0_500"
>
> on both sides
>
> so I think I do not have to set firewall=yes, right?

You are correct. With the above entries in network.conf, you do not need FreeS/WAN to generate firewall holes for the IPSec packets. An additional side benefit of using network.conf to create the firewall rules is you can modify your firewall rules while running (i.e. edit network.conf and run "net ipfilter reload") without bringing down any VPN tunnels. If you use the FreeS/WAN [left|right]firewall=yes to do this, you have to shut down IPSec, reload your firewall rules, then re-start ipsec.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
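
The check discussed in this thread, as an added example that is not part of the original messages or of the LEAF scripts: a shell function that confirms a network.conf carries the three openings quoted above (protocols 50 and 51, UDP port 500) before relying on it instead of firewall=yes. The function names and the sample file are hypothetical, and the parser assumes entries are written in the forms shown in the quoted message.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed entry forms, as quoted above:
#   EXTERN_PROTO<n>="<proto> <source>"    EXTERN_UDP_PORTS="<source>_<port> ..."

# Print the quoted value of every variable in file $1 whose name matches regex $2.
# Commented-out lines are ignored because the name must start the line.
conf_values() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1"
}

# Succeed if IP protocol number $2 is opened by an EXTERN_PROTO<n> entry in $1.
has_proto() {
    conf_values "$1" 'EXTERN_PROTO[0-9]*' |
        awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# Succeed if UDP port $2 appears in the EXTERN_UDP_PORTS list in $1.
has_udp_port() {
    conf_values "$1" 'EXTERN_UDP_PORTS' | tr ' ' '\n' |
        awk -F_ -v p="$2" '$NF == p { found = 1 } END { exit !found }'
}

# Print "ok" or the list of missing openings; non-zero status if any is missing.
check_ipsec_openings() {
    missing=""
    has_proto "$1" 50 || missing="$missing proto-50"      # ESP
    has_proto "$1" 51 || missing="$missing proto-51"      # AH
    has_udp_port "$1" 500 || missing="$missing udp-500"   # IKE
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample file containing the entries quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
EXTERN_PROTO0="50 0/0"
EXTERN_PROTO1="51 0/0"
EXTERN_UDP_PORTS="0/0_500"
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_ipsec_openings "$sample"
rm -f "$sample"
```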
