All you need is to add another entry in the tunnels file for the admx zone.
-Tom

On 9/2/2015 8:29 AM, Chop Wow wrote:
> Okay so maybe I am overthinking this. Would a feasible approach be:
>
> 1. Add the second external IP as eth0:0
>
> 2. In rules, DNAT 4500 and 500 to Zywall in admx zone:
> DNAT net admx:<Zywall IP> udp 500 - <eth0:0 IP>
> DNAT net admx:<Zywall IP> udp 4500 - <eth0:0 IP>
>
> As per http://shorewall.net/VPN.htm
>
> Thanks again
>
> On Thu, Jun 4, 2015 at 1:11 PM, Chop Wow <[email protected]> wrote:
>
> Hi All,
>
> I have Libreswan/Xl2tpd IPSec/L2TP VPN running on the firewall appliance.
> As such I have the zones/interfaces/tunnel (see below) and standard rules associated with the VPN.
>
> A user in the admx zone has acquired a hardware stack that requires an IPSEC/L2TP connection to connect to it. It has its own VPN/router.
>
> Can I define a second passthrough IPSEC tunnel to the user hardware and not affect my existing VPN on the Shorewall appliance?
>
> Thanks,
>
> ~Chop
>
> Shorewall version: 4.5.16.1
>
> interfaces
> ------------
> net eth0 dhcp,tcpflags,nosmurfs,routefilter,sourceroute=0,blacklist
> loc eth1 tcpflags,nosmurfs,routefilter
> l2tp ppp+
> cpp eth2 tcpflags,nosmurfs
> dc1 eth3 tcpflags,nosmurfs
> admx eth4 tcpflags,nosmurfs
> ovpn tun+
>
> zones
> -------------
> fw firewall
> net ipv4
> vpn ipsec
> l2tp ipv4
> loc ipv4
> cpp ipv4
> dc1 ipv4
> admx ipv4
> ovpn ipv4
>
> tunnel
> ------------
> ipsec net 0.0.0.0/0 vpn
> openvpnserver:tcp:443 net 0.0.0.0/0
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
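The hazard behind Chop's question is that IKE (UDP 500) and NAT-T (UDP 4500) are fixed ports: the firewall's own Libreswan listens on them, and a DNAT of those ports to the Zywall that is not restricted by the ORIGINAL DEST column (the `<eth0:0 IP>` in the proposed rules) would forward every inbound IKE packet, including the ones meant for the existing VPN, to the device in admx. The checker below is an added example, not part of the thread and not Shorewall's own tooling; it parses a Shorewall 4.x rules file (assumed column order ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST) and flags IKE/NAT-T DNAT rules that either have no ORIGINAL DEST or are pinned to the firewall's primary address. The rule text and addresses are constructed for the example.

```python
"""Flag Shorewall DNAT rules for UDP 500/4500 that would capture the
firewall's own IKE/NAT-T traffic.

Added example, not Shorewall's own code. Assumed rules column order:
ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST ...
"""
import ipaddress

IKE_PORTS = {500, 4500}  # IKE and NAT-T (UDP-encapsulated ESP) are fixed ports


def parse_rules(text):
    """Yield (lineno, columns) per rule line, skipping blanks, comments and
    ?SECTION / SECTION directives."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("?") or line.upper().startswith("SECTION"):
            continue
        yield lineno, line.split()


def expand_ports(spec):
    """Expand a DPORT column such as '500,4500' or '500:4500' into a set of ints.
    Service names (e.g. 'isakmp') are not resolved here and are skipped."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if not lo.isdigit():
            continue
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def check_ike_dnat(rules_text, firewall_public_ip):
    """Return [(lineno, reason), ...] for DNAT rules on UDP 500/4500 that are
    unrestricted (no ORIGINAL DEST) or pinned to the address the firewall's
    own IKE daemon listens on."""
    fw_ip = ipaddress.ip_address(firewall_public_ip)
    findings = []
    for lineno, cols in parse_rules(rules_text):
        if len(cols) < 5 or not cols[0].upper().startswith("DNAT"):
            continue
        if cols[3].lower() != "udp" or cols[4] == "-":
            continue
        if not expand_ports(cols[4]) & IKE_PORTS:
            continue
        origdest = cols[6] if len(cols) > 6 else "-"
        if origdest == "-":
            findings.append((lineno, "no ORIGINAL DEST: forwards all inbound "
                                     "IKE/NAT-T, including the firewall's own"))
            continue
        for addr in origdest.split(","):
            try:
                if ipaddress.ip_address(addr) == fw_ip:
                    findings.append((lineno, f"ORIGINAL DEST {addr} is the "
                                             "firewall's own IKE address"))
            except ValueError:
                findings.append((lineno, f"ORIGINAL DEST {addr!r} is not a plain "
                                         f"address; verify it excludes {fw_ip}"))
    return findings


# Constructed sample data (hypothetical addresses, not from the thread).
FW_IP = "198.51.100.1"  # primary address on eth0, where Libreswan listens

RULES_UNRESTRICTED = """\
?SECTION NEW
# no ORIGINAL DEST column: every inbound IKE packet goes to the Zywall
DNAT  net  admx:10.4.0.10  udp  500
DNAT  net  admx:10.4.0.10  udp  4500
"""

RULES_RESTRICTED = """\
?SECTION NEW
# pinned to the secondary address on eth0:0, as in the thread's proposal
DNAT  net  admx:10.4.0.10  udp  500,4500  -  198.51.100.2
"""

RULES_WRONG_ADDR = """\
DNAT  net  admx:10.4.0.10  udp  4500  -  198.51.100.1
"""

if __name__ == "__main__":
    for name, text in (("unrestricted", RULES_UNRESTRICTED),
                       ("restricted", RULES_RESTRICTED),
                       ("wrong-addr", RULES_WRONG_ADDR)):
        print(name, check_ike_dnat(text, FW_IP))
```

Run it as a script to see that only the rules pinned to the eth0:0 address pass. Forwarding 500 and 4500 is enough for the ports themselves: because the Zywall sits behind NAT, the IKE peers detect the NAT and, provided both support NAT-T, carry ESP inside UDP 4500 rather than as raw protocol 50.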
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
