Re: [Shorewall-users] Shorewall 3.4.4 interop with strongswan 4.1.4

Philipp Rusch Tue, 10 Jul 2007 03:11:26 -0700

Tom Eastep schrieb:

Philipp Rusch wrote:

Do I have to add tunnel-src and/or tunnel-dst entries into the columns
"in-options2/"out options" in
shorewall's zones file to make it recognize my ipsec-tunnel(s) ?


No.


-Tom

Tom,
I feel rather dumb now ...
To cure my MSS / MTU problem I did add to /etc/shorewall/zones:

#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall

fil ipsec mode=tunnel mss=1400,proto=espmss=1400,proto=esp

net     ipv4
loc     ipv4

But this changes nothing...

Shall I send a "shorewall-dump"-file ?

Regards,
--

Mit freundlichen Grüßen,
Philipp Rusch

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Shorewall 3.4.4 interop with strongswan 4.1.4

Reply via email to