Tom Eastep schrieb:
-SNIP-
Have you tried my suggestion of configuring a single IPSEC zone?
-Tom
Yes, I followed your suggestion and made only one zone for all the
172.30.0.0/16 tunnels.
This works wonderful now and reduces restart times a lot.
BTW, our firewall is running SuSE 10.1 x86_64 .
So for now there is only one small thing left, that's the strange
behaviour about that
MTU size with 1350 bytes, which still is a myth to me.
Is it possible that my (rather small routers) can not find out about
MTU, because I am
blocking the type of ICMP-packets they need for discovering ?
Regards,
--
Mit freundlichen Grüßen,
Philipp Rusch
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
