On Sunday, 5 January 2014, 14:05:19, Tom Eastep wrote:
> On 1/5/2014 1:58 PM, Tom Eastep wrote:
> > On 1/5/2014 1:39 PM, Axel Zöllich wrote:
> >>> Looks like you don't have the tunnel defined in /etc/shorewall/tunnels.
> >>
> >> The difference in the generated iptables is:
> >> ACCEPT esp -- anywhere 212.117.77.202
> >> ACCEPT udp -- anywhere 212.117.77.202 udp dpt:isakmp ctstate NEW
> >>
> >> ACCEPT esp -- 212.117.77.202 anywhere
> >> ACCEPT udp -- 212.117.77.202 anywhere udp dpt:isakmp ctstate NEW
> >>
> >> With these rules in "rules" I shouldn't need "tunnels" any more, should I?
> >>
> >>
> >> But why did it work until refresh without these rules?
>
> It probably worked without the rule because the firewall initiated the
> key exchange. If the remote gateway initiates key exchange, it won't work.

You're absolutely right. I should have got on to this on my own :(

Axel

--
We use only blue electrons from organic farming.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
