Okie-dokie, here is my sanity check...

Establish IPsec connection ...done
Tear down IPsec connection ...done
Remove rules from config ...done
save ...done
backup ...done
reboot ...done
Establish IPsec connection ...done

...what? ...it failed every other time! urgh!
All has now been revealed... [sigh]. My misconception in this was based on the belief that my rules actually were having an effect. This was due to the fact that I was never able to bring the tunnel up prior to adding the rules. In all fairness it had been quite a while since I had tried to establish an IPsec connection through my Bering box, and it now seems entirely likely that there was something else in the path that was blocking my connection. This something else seems to have been fixed, thus I am now able to make a connection without any trouble and without any extra rules. I only tunnel in to check my mail and such, then I take down the tunnel, so in all likelihood I would never even need Tom's extra rules. On the other hand, if I was attempting to maintain constant connectivity between my workstation and the far end, then I would possibly begin to see trouble because the rules would not be in place to allow the other end to initiate a key exchange. I realize that I am repeating things that Tom has already said; I just didn't understand them before because I was /confused/. Thanks Tom, your patience through this was much appreciated.

Regards,
Eric

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 10:39 AM
To: Eric B Kiser
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Testing IPsec pass-through

On Fri, 3 May 2002, Eric B Kiser wrote:

> Very interesting, Tom... Thanks for taking the time to get into more detail.
>
> I have modified my rules back to your original suggestion, however, I still
> have one question.
>
> [snip]
> In order for either of rules [2] to have been invoked, the ORIGINAL
> destination IP would have had to have been in your local network; clearly
> that is never going to be the case (my point from the last post). You may
> as well remove the rules since they will never do anything.
> [end snip]
>
> These rules did do "something". They made it possible for me to bring up the
> tunnel.
> I understand the importance of doing it as per your example, I
> changed my rules accordingly. If I understand you correctly, based on the
> snip above, my rules shouldn't have worked at all?
>

No -- the two rules you added had NO EFFECT WHATSOEVER on the outcome.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html