Hi Erich,

I did not want to go into detail, until I understood the operation of both shorewall and ipsec. I am still a little confused about shorewall, but the key seems to be the tunnels file.

ipsec was failing and I assumed it was shorewall. It turns out that it wasn't shorewall at all, but the configuration of ipsec.conf. I think when I have got this truly working, I may provide a post on my findings.

Thanks for your input anyway.

Regards,
Simon.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erich Titl
Sent: 03 April 2003 16:07
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering Ipsec and Shorewall rules

Simon

At 14:07 03.04.2003 +0100, you wrote:
>Please can someone confirm whether the Shorewall Tunnels file internally
>manages the UDP Port 500 and Protocols 50 and 51?
>
>Or do I need to create rules?
>
>I have created the tunnel files as per documentation on the Bering site and
>Shorewall. But I am currently unable to get ipsec working between two
>firewalls. I am assuming at this point that something is blocking the path.

It is best if you tell the list what _exactly_ you did. Even if you made no errors at all (to the best of your knowledge) it is quite difficult to answer such a general question without knowledge what happens _exactly_. Being unable to get ipsec working is not what I would call an exact description of an error.

Maybe you should consult your log file for shorewall entries, and you may want to reset the counters in the iptables and see where messages go through.

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
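The counter check suggested in the reply above, as an added example that is not part of the original thread: it reads `iptables -L -n -v -x` output and reports the packet count on every rule that matches IKE (UDP port 500), ESP (protocol 50) or AH (protocol 51). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On a live firewall:
#   iptables -Z                          # zero all packet counters
#   ...retry the tunnel...
#   iptables -L -n -v -x | ipsec_hits    # see which IPsec rules were hit

# Constructed sample listing; a real one comes from iptables itself.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12     1680 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
       0        0 ACCEPT     esp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     51   --  eth0   *       0.0.0.0/0            0.0.0.0/0
       7      812 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Print "<chain> <IKE|ESP|AH> <target> <packets>" for each IPsec-related rule.
# The protocol column may hold a name or a number depending on the iptables
# version, so both spellings are accepted.
ipsec_hits() {
  awk '
    $1 == "Chain"    { chain = $2; next }   # remember the current chain
    $1 !~ /^[0-9]+$/ { next }               # skip column headers and blanks
    {
      kind = ""
      if ($4 == "esp" || $4 == "50") kind = "ESP"
      else if ($4 == "ah" || $4 == "51") kind = "AH"
      else if (($4 == "udp" || $4 == "17") && $0 ~ /dpt:500([^0-9]|$)/) kind = "IKE"
      if (kind != "") print chain, kind, $3, $1
    }'
}

# Stand-alone demonstration on the constructed sample.
sample_listing | ipsec_hits
```

Zero counters on every IPsec row after a retry mean the packets never reached these rules; nonzero IKE with zero ESP or AH means negotiation traffic is passing but no tunnel traffic followed.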