Here is my ipsec.conf and ipsec auto --status.
Do you want to see all the configs I changed from shorewall?

Doug

####################
my ipsec.conf file:
>>>>>>>>
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search
        uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        keyingtries=0
        #added for sshSENT
        disablearrivalcheck=no
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        compress=no
        authby=secret
        pfs=yes
        auto=add

#win2k vpn
conn roadwarrior-net
        leftsubnet=172.16.0.0/16
        also=roadwarrior

conn roadwarrior
        right=%any
        left=12.144.99.39
        leftnexthop=12.144.99.33
        auto=add
        pfs=yes

##########################
Here is the "ipsec auto --status"
>>>>>>
000 interface ipsec0/eth0 12.144.99.39
000
000 "roadwarrior-net"[1]: 172.16.0.0/16===12.144.99.39---12.144.99.33...32.103.170.99
000 "roadwarrior-net"[1]:   ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior-net"[1]:   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "roadwarrior-net"[1]:   newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000 "roadwarrior": 12.144.99.39---12.144.99.33...%any
000 "roadwarrior":   ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "roadwarrior":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "roadwarrior-net": 172.16.0.0/16===12.144.99.39---12.144.99.33...%any
000 "roadwarrior-net":   ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior-net":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "roadwarrior-net":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #2: "roadwarrior-net"[1] 32.103.170.99 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2843s; newest IPSEC; eroute owner
000 #2: "roadwarrior-net"[1] 32.103.170.99 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #1: "roadwarrior-net"[1] 32.103.170.99 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 13642s; newest ISAKMP
000
####################

-----Original Message-----
From: guitarlynn [mailto:guitarlynn@;cox.net]
Sent: Tuesday, October 29, 2002 11:36 PM
To: Simpson, Doug
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] (no subject)

On Tuesday 22 October 2002 22:36, Simpson, Doug wrote:
> I believe it is the firewall or a routing issue. Pardon my ignorance
> but I do not know where to look next or what to test or disable.
> Has anyone done this successfully? Bering (LRP) and FreeSwan and
> SSHSentinel.
> Thank you for your time

Yep, many people are running this setup without problems.
We'll need some configuration information for Ipsec and Shorewall
to have any clue to what might be wrong.
--
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!