On 10/17/2014 8:20 AM, Vernon Fort wrote:

> 
>>> And that address is in the 192.168.5.0/24 network?
> 
> NO - the 192.168.5.0/24 is a static VPN connection to another
> office.

So it is assigning an IP address in the 192.168.1.0/24 network? If so,
you can probably work around the sfilter problem by specifying
'routeback' on the enp3s7 interface in /etc/shorewall/interfaces.

> 
>>> Which is a little odd that I cannot ping or query DNS from the
>>> same server 2003 that issued the DHCP address.
>>> Cannot ping which hosts? Internet?
> 
> The 192.168.1.50 is a Windows 2003 Standard server running Active
> Directory/DNS/DHCP. A road warrior's connection gets a DHCP-assigned
> address from the server 2003 [192.168.1.50] but I cannot ping anything
> in the network.

Vernon -- please be specific. Do you mean that from the road warrior,
you cannot ping anything in the local LAN?


> Here is the connection setup:
> 
> # Laptop IKEv2
> conn houck-ikev2
>         left=50.240.105.225
>         leftsubnet=0.0.0.0/0    # don't restrict network access, i.e. internet
>         leftcert=serverCert.pem
>         right=%any
>         rightsourceip=%dhcp
>         rightcert=houckCert.pem
>         keyexchange=ikev2
>         rightauth=pubkey
>         auto=start
> 

If setting 'routeback' doesn't correct the problem, please produce a
dump with the roadwarrior connected.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users