> I would think you would want:
> interfaces:
> -            eth0        routefilter=0,logmartians=1
> hosts:
> vpn       eth0:172.58.43.0/24
> net        eth0:0.0.0.0/0
>
> I'm assuming 172.58.43.0/24 is a private subnet (RFC1918).
>
> Bill

172. is from my phone on a national carrier, and could be anything depending 
on where I am.  I don't have anything in hosts.

Tom's right, I should have included the standard details;  I was so distressed 
at the time I didn't think of it.  For two weeks I have been unable to make the 
StrongSwan Android app connect to my very first VPN, StrongSwan on CentOS.  
There were no Shorewall messages and I was getting despondent.  Then I tried 
the phone's 'add a VPN' function (instead of the SS app) and I got these noted 
blockages!  I am not notified of Shorewall blockages and I don't understand why.

The Shorewall support docs say I must have ipsec-tools installed, and I did 
not.  Its racoon daemon is specifically for IKEv1 and I'm only running v2, but 
there may be some other function it provides.  It's not called as a dependency 
of CentOS package StrongSwan though, which I don't understand.  When I 
installed ipsec-tools and restarted the SS daemon, it didn't change things;  
500 is still blocked.

Internet is otherwise working on this machine.  I've forwarded the 
shorewall_dump to Tom.

I'm trying to connect from my phone at 29.124.236.116 to my router (KVM VM 
running CentOS) at 50.35.109.212,  NATted through router 192.168.111.1 to the 
IPSec gateway at 192.168.111.16.  The errors and dump are from this last 
gateway machine.  I don't know what 172.58.43.* has to do with anything.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users