[leaf-user] Multiple VPNs in Bering 1.2

[Roger E McClurg]

My current  firewall uses Dachstein 1.02 and acts as a central site VPN 
device. I have numerous VPNs using the ipsec0 interface. Each VPN has a 
fixed address and of course different subnets.  I wish to replace the 
current firewall with Bering 1.2, but I am having problems configuring the 
VPNs on Shorewall.  I've read the Shorewall docs, but they are directed 
more toward road-warrier VPNs, not numerous lan-lan tunnels. Can anyone 
(Tom?) show me how to do this, or point me to some existing documentation?

Roger



---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Multiple VPNs in Bering 1.2

[Tom Eastep]

On Mon, 9 Jun 2003 14:53:36 -0400, Roger E McClurg [EMAIL PROTECTED] 
wrote:

My current  firewall uses Dachstein 1.02 and acts as a central site VPN 
device. I have numerous VPNs using the ipsec0 interface. Each VPN has a 
fixed address and of course different subnets.  I wish to replace the 
current firewall with Bering 1.2, but I am having problems configuring 
the VPNs on Shorewall.  I've read the Shorewall docs, but they are 
directed more toward road-warrier VPNs, not numerous lan-lan tunnels. Can 
anyone (Tom?) show me how to do this, or point me to some existing 
documentation?

You might check the recent archives of the Shorewall mailing list -- this 
topic has come up a couple of times recently and there have been examples 
posted.

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Multiple VPNs in Bering 1.2

[M Lu]

Hi Roger,

Here is the message I sent to Shorewall mailing list.

M Lu.


- Original Message - 
From: M Lu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 12:10 AM
Subject: Re: [Shorewall-users] Two VPN connections (IPSEC)


 Hi,

 Tom just helped me on this issue a couple of days ago.

 This is what I do when I have 2 tunnels (subnet-subnet) to one site. You
 have 2 tunnels to 2 sites but should be similar

 /etc/shorewall/tunnels
 ipsec   net64.128.24.x   vpn,vpn2
 # You may need 2 lines here (each for diffrent remote IP)



 in /etc/shorewal/interfaces
 -   ipsec0


 in /etc/shorewall/hosts

 vpn ipsec0:192.168.15.0/24
 vpn2ipsec0:192.168.22.0/24

 and the corresponding rules and policy for vpn, vpn2 and your network.


 I hope that helps.

 M Lu.



 From: Phil Foxton [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [Shorewall-users] Two VPN connections (IPSEC)
 Date: 03 Jun 2003 16:57:11 +0100
 
 Hi,
 
 I currently have a good setup running shorewall to protect my network at
 home, and it works fine if I just want to have a tunnel to one site
 (lets call it Challenge) but if I add a tunnel to another site (lets
 call it Stony), the tunnel comes up ok (I can see from ipsec look that
 the tunnels are there) but I cannot pass any traffic over them, even
 though I can send traffic over the original tunnel. Any ideas?
 
 RGDS
 
 Phil
 --
 Phil Foxton [EMAIL PROTECTED]
 Intelligent Maintenance Systems Ltd
 
 ___
 Shorewall-users mailing list
 Post: [EMAIL PROTECTED]
 Subscribe/Unsubscribe:
 http://lists.shorewall.net/mailman/listinfo/shorewall-users
 Support: http://www.shorewall.net/support.htm
 FAQ: http://www.shorewall.net/FAQ.htm

 _
 The new MSN 8: smart spam protection and 2 months FREE*
 http://join.msn.com/?page=features/junkmail

 ___
 Shorewall-users mailing list
 Post: [EMAIL PROTECTED]
 Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
 Support: http://www.shorewall.net/support.htm
 FAQ: http://www.shorewall.net/FAQ.htm





- Original Message - 
From: Roger E McClurg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 09, 2003 11:53 AM
Subject: [leaf-user] Multiple VPNs in Bering 1.2


 My current  firewall uses Dachstein 1.02 and acts as a central site VPN
 device. I have numerous VPNs using the ipsec0 interface. Each VPN has a
 fixed address and of course different subnets.  I wish to replace the
 current firewall with Bering 1.2, but I am having problems configuring the
 VPNs on Shorewall.  I've read the Shorewall docs, but they are directed
 more toward road-warrier VPNs, not numerous lan-lan tunnels. Can anyone
 (Tom?) show me how to do this, or point me to some existing documentation?

 Roger



 ---
 This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
 thread debugger on the planet. Designed with thread debugging features
 you've never dreamed of, try TotalView 6 free at www.etnus.com.
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html