Thank you Tom,
It seems straightforward to add another connection (my-local - his-dmz) in
'ipsec.conf' but I do not know how to add another zone and associate it in
'/etc/shorewall/interfaces'. Say I have second zone in
'/etc/shorewall/zones'
vpn VPN VPN local-network
vpn2 VPN2 VPN dmz-network
and in '/etc/shorewall/tunnels' I have
ipsec net remote-IP vpn,vpn2
How do I represent them in '/etc/shorewall/interfaces' so that I can later
have policy to allow 'vpn2' to 'dmz', but not the other way.
/etc/shorewall/interfaces:
- ipsec0
/etc/shorewall/hosts:
vpn ipsec0:<his-local-subnet>
vpn2 ipsec0:<his-dmz-subnet>
Also, is it possible for me to add Road Warrior (again I need to access
local and dmz) and they coexist with the permanent subnet-subnet? In that
case, how does Shorewall know which zone is permanent and which zone will be
up and down?
I have absolutely no clue what question you just asked...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
