Hi,

I recently upgraded a two-interface box from 2.x to 3.2.6 on Debian
Etch, Linux 2.6.17.  We run openswan on the box as well for road
warriors.  I have read http://www.shorewall.net/IPSEC-2.6.html, but no
dice.  I note that the link mentions racoon, but I hope that openswan
works with this setup, as we have always used it and these things aren't
trivial to configure.

A ping to a machine behind the VPN (192.168.168.10) returns a tcpdump
from the firewall like this:

16:08:36.972191 IP 82.69.161.254 > 82.68.107.174: ICMP host 82.69.161.254 unreachable - admin prohibited, length 112

82.69.161.254 is the public address of the firewall.  82.68.107.174 is
the router that my road warrior is sitting behind.

The IPsec SA comes up with no problem and all other firewall services
work.  When I stop shorewall, my pings from road warrior to VPN zone do
work.

This used to work with Linux 2.4.  Can anybody assist?  I suspect it is
to do with policy matching but I don't really know enough about the
detail to know where to go from here.  I have put a dump at
http://www.wayforth.co.uk/Members/antony/shorewall_dump/.

Antony
