Simon Buckner wrote:

> The above instructions use Racoon to create the IPSEC VPN but
> unfortunately Racoon doesn't support the same encryption protocols as
> the Draytek that is used at the other end. Therefore I have used
> OpenSwan (NETKEY as opposed to KLIPS) as that provides a very nice
> match.

Shorewall configuration with racoon and NETKEY and openswan and NETKEY
is exactly the same!

> I have already raised this issue with the Openswan mailing list and
> they have confirmed my IPSEC configuration is correct and that the
> problem is caused by Shorewall/iptables masquerading the packets
> destined for the tunnel.  As yet I have not worked out which entry in
> which file would prevent the IPSEC packets from being MASQ'ed.  All
> the examples I've looked at seem to relate to Racoon which creates an
> interface for each tunnel (e.g. IPSEC0) whereas Openswan/NETKEY
> doesn't.

Racoon only recognizes NETKEY and will never create an ipsec0 interface
like openswan + klips.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
