On 01/15/2016 10:36 AM, i...@volny.cz wrote: > Hello, > > I've been using Shorewall for IPSec VPN servers for ages without any problem. > Because of the dynamic routing I added GRE over IPSec and it works fine. The > problem is that in case the IPSec tunnel dies (e.g. not reliable line), the > GRE still transports data itself. However, in this case all the data is > unencrypted. > > Is there a way to allow GRE only over IPSec tunnel? >
Simply REJECT gre from fw -> all after an ACCEPT gre from fw -> ips0. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
