I just wanted to report an update on how my IPSEC over OPTx is working. It's been a few days now since I set up the manual rules on the OPTx interface that I wanted to use for IPSEC. Since I set up the rules listed in my previous post, my IPSEC VPNs over the OPTx interface are working well and seem very stable.

Vaughn

Vaughn L. Reid III wrote:
Just to be thorough, I added two more rules to the firewall's OPT
interface to make sure all the IPSEC stuff gets through.  I'm fuzzy on
if the last two are needed, but just to be safe, I added them.

Here are all the rules that I've added:
Rules in the format listed below:
Format: Protocol | Source | Port | Destination | Port | Gateway | Schedule
1.  UDP | * | * | Interface IP Address | 500 | * | Blank
2.  ESP | * | * | Interface IP Address | * | * | Blank
3.  AH  | * | * | Interface IP Address | * | * | Blank
4.  GRE | * | * | Interface IP Address | * | * | Blank

Vaughn




On Mon, 02 Apr 2007 20:43:38 -0400, "Vaughn L. Reid III"
<[EMAIL PROTECTED]> said:
Interesting,

This version of the firmware doesn't even list the VPN tunnel that is
configured for the OPT interface in the vpn section of /tmp/rules.debug.
 The tunnel definition is listed in the GUI, and it's working with the
manual rules because I'm in the process of accessing remote resources
now.

In /tmp/rules.debug, however, it's like the vpn out the opt interface
just doesn't exist.  I checked the firewall rules section of
/tmp/rules.debug, and the manual rules that I added are there.

Also, the firmware version that I was using when I started this thread
last week showed the VPN tunnel definition in /tmp/rules.debug, but it
showed the wrong interface.

Vaughn


On Mon, 2 Apr 2007 20:32:47 -0400, "Scott Ullrich" <[EMAIL PROTECTED]>
said:
On 4/2/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
Here are the rules for the interface in question that seem to make the
IPSEC tunnel work:
[snip]

Look in /tmp/rules.debug and search for IPSEC.

Do you see rules permitting traffic to the interface?

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
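
The check discussed in this thread (search the ruleset in /tmp/rules.debug for rules permitting IPSEC traffic to the interface) can be scripted. The following is an added example, not part of the original thread and not pfSense's own code. The sample ruleset is constructed in generic pf syntax rather than copied from a real rules.debug, and the interface names em0/em2 and the addresses are placeholders.

```python
import re

# Constructed sample in generic pf syntax; NOT copied from a real /tmp/rules.debug.
# em0/em2 and the documentation-range addresses are placeholders.
SAMPLE_RULES = """\
pass in quick on em0 proto udp from any to 198.51.100.1 port = 500 keep state label "IPSEC: tunnel1 - isakmp"
pass in quick on em0 proto esp from any to 198.51.100.1 keep state label "IPSEC: tunnel1 - esp"
pass in quick on em2 proto udp from any to 203.0.113.10 port = 500 keep state label "USER_RULE: ike"
pass in quick on em2 proto { esp ah } from any to 203.0.113.10 keep state label "USER_RULE: esp+ah"
block in log quick on em2 all
"""

RULE_RE = re.compile(r'^pass\s+in\b.*?\bon\s+(?P<ifc>\S+)\s+.*?\bproto\s+'
                     r'(?P<proto>\{[^}]*\}|\S+)(?P<rest>.*)$')
PORT_RE = re.compile(r'\bto\s+\S+\s+port\s+=?\s*(\S+)')   # destination port only
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


def ipsec_coverage(rules_text, interface):
    """Map IKE (udp/500), ESP and AH to the labels of pass-in rules on `interface`."""
    found = {"udp/500": [], "esp": [], "ah": []}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group("ifc") != interface:
            continue  # not a pass-in rule, or a rule for another interface
        label = LABEL_RE.search(m.group("rest"))
        label = label.group(1) if label else "(no label)"
        port = PORT_RE.search(m.group("rest"))
        # "proto" may be a single name or a brace list such as { esp ah }
        for proto in m.group("proto").strip("{}").replace(",", " ").split():
            if proto == "udp":
                # A UDP rule with no destination port also admits port 500.
                if port is None or port.group(1) in ("500", "isakmp"):
                    found["udp/500"].append(label)
            elif proto in found:
                found[proto].append(label)
    return found


def missing(rules_text, interface):
    """Protocols that have no pass-in rule on `interface`."""
    cov = ipsec_coverage(rules_text, interface)
    return sorted(p for p, labels in cov.items() if not labels)


if __name__ == "__main__":
    for ifc in ("em0", "em2"):
        print(ifc, ipsec_coverage(SAMPLE_RULES, ifc), "missing:", missing(SAMPLE_RULES, ifc))
```

The labels in the result show whether a match comes from an automatically generated rule or from a manually added one, which is the distinction this thread turns on.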

