-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Hendrickx wrote: | Hi! thanks Charles for your reply, but I fear it didn't helped.. | | the subnet for the roadwarrior I got from here : | http://wiki.openswan.org/index.php/Openswan/ExtrudedSubnetRoadWarrior | | But I tried it now your way .. right=%defaultroute and I removed the | rightsubnet | | it's also not a shorewall problem, because I stopped it.. | And having temporarily opened all interfaces in routestopped
You might want to try 'shorewall clear' instead of stopped, or at least verify what rules you have in place. There should generally be either no rules with a default policy of accept, or just an accept all rule. It's not too hard to manually add these at the command line, if you think firewall rules might be an issue: iptables -I INPUT 1 -j ACCEPT iptables -I OUTPUT 1 -j ACCEPT iptables -I FORWARD 1 -j ACCEPT | I have altered the drawing/config to be simular to the current | implementation.. | | so on the roadwarrior it's still stuck at ipsec auto --up road.. | | some extra info: | using wireshark on eth0 I get this though: | source:192.168.2.2 dest:192.168.2.1 Protocol:ISAKPM Info:Identity | Protection (Main Mode) | | and that's all it repeates This is the road-warrior trying to start ipsec negotiations. Check on the leaf box (with tcpdump) and make sure you're receiving the packet. The leaf box should be responding with something (or logging why it's not). - -- Charles Steinkuehler [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIEHgXLywbqEHdNFwRAiGNAJ0R8WvJ9s1G5zAlLjVlJlXs9rv7YwCglVz2 3kH1iaYe2hOlQkuR4Qm9gqk= =mCHm -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
