I see support in Shorewall for the KAME tools; how about strongSwan?
I have set up Shorewall 3.4.4 and strongSwan 4.1.3, making this my
VPN gateway for the subnet behind it.

# Shorewall version 3.4 - Zones File
#ZONE   TYPE      OPTIONS                 IN         OUT
#                                         OPTIONS    OPTIONS
fw      firewall
fil     ipsec     mode=tunnel mss=1400
net     ipv4
loc     ipv4
vpn1    ipv4
vpn2    ipv4

# Shorewall version 3.4 - Tunnels File
#TYPE                 ZONE    GATEWAY            GATEWAY
#                                                ZONE
openvpnserver:7777    net     0.0.0.0/0
openvpnserver:7778    net     0.0.0.0/0
ipsec                 net     212.168.178.226

# Shorewall version 3.4 - Hosts file
#ZONE   HOST(S)                   OPTIONS
fil     eth1:192.168.246.0/24     ipsec

# Shorewall version 3.4 - Interfaces File
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth1        detect      norfc1918,nosmurfs
loc     eth0        detect
vpn1    tun0        (these are OpenVPN tunnels)
vpn2    tun1        ...

policy (for testing only)
# IPSec - VPN
fil     fw      ACCEPT
fw      fil     ACCEPT
fil     loc     ACCEPT
loc     fil     ACCEPT

My problem is reaching the remote sites; from a remote station to hosts on
the LAN behind the Shorewall there is no problem at all.
But how does Shorewall "help" routing to recognize that those private
IPs are to be reached through the IPsec tunnel? There is no transfer net
like with OpenVPN, where I could easily add routes by hand.
What am I doing wrong here?
Thanks in advance for any hint.
Best regards from Germany,
--
Kind regards,
Philipp Rusch