Antony Gelberg wrote: > Tom Eastep wrote: >> Antony Gelberg wrote: >>> This used to work with Linux 2.4. Can anybody assist? I suspect it is >>> to do with policy matching but I don't really know enough about the >>> detail to know where to go from here. I have put a dump at >>> http://www.wayforth.co.uk/Members/antony/shorewall_dump/. >> You appear to be doing IPIP encapsulation within the IPSEC SA. So you need >> to define the IPIP tunnel as well. >> >> /etc/shorewall/tunnels: >> >> #TYPE ZONE GATEWAY >> ipip vpn 82.68.107.174 >> > > Great, thank you! Just for my knowledge, how did you know that? We've > been using openswan like this for years and I've never even heard of IPIP.
From the dump (from /var/log/messages): Jan 19 15:52:24 all2all:REJECT:IN=eth0 OUT= SRC=82.68.107.174 DST=82.69.161.254 LEN=104 TOS=0x00 PREC=0x00 TTL=57 ID=18630 DF PROTO=4 Protocol 4 is IPIP. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
