more /etc/vuurmuur/textdir/services/IPSEC
ACTIVE="Yes"
TCP="1024:65535*443"
UDP="500*500"
UDP="10000*10000"
UDP="1024:65535*4500"
UDP="1024:65535*389"
UDP="500*1024:65535"
UDP="4500*1024:65535"
ICMP="0:0*0:0"
GRE="0*0"
AH="0*0"
ESP="0*0"
PROTO_41="0*0"
BROADCAST="No"
HELPER=""
COMMENT=""
>________________________________
>From: netspy -------------------- <[email protected]>
>To: [email protected]
>Sent: Wednesday, July 13, 2011 12:36 PM
>Subject: Re: [Vuurmuur-users] IPSec tunnel (not pass-through) and Vuurmuur
>
>
>In syslog there are records
>
>Jul 13 19:29:15 test-ipsec kernel: [111994.243602] martian source 10.10.0.1 from 192.168.1.1, on dev eth0
>
>until I try to ping 192.168.1.1 from Vuurmuur FW
>
>
>On 13 July 2011 at 16:01, netspy -------------------- <[email protected]> wrote:
>
>Hi
>>
>>I have trouble with an IPsec tunnel (not pass-through) and Vuurmuur.
>>
>>10.10.0.1 <-- vuurmuur fw --> 212.98.16*.* <--- internet ---> 80.249.8*.* <-- adsl router --> 192.168.1.1
>>
>> <----------------------------------------------->
>> ipsec tunnel
>>
>>Without Vuurmuur all OK
>>
>>setkey -f /etc/setkey.conf && racoon -v -d -f /etc/racoon/racoon.conf
>>
>>route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.10.0.1
>>
>>Test:
>>From Vuurmuur FW: ping 192.168.1.1 - OK
>>From ADSL router: ping 10.10.0.1 - OK
>>
>>But after installing and configuring Vuurmuur, ping over the tunnel doesn't work
>>
>>interfaces: inet_iface eth0 212.98.16*.*
>> lan_iface eth1 10.10.0.1
>>
>>services: ipsec -
>> UDP:500
>> UDP:4500
>> AH:
>> ESP:
>>
>>zones: inet.internet (0.0.0.0/0.0.0.0), interface: inet_iface
>> main.lan (10.10.0.0/24), interface: lan_iface
>> branche.lan (192.168.1.0/24) interface: lan_iface
>>
>>rules:
>>any | internet to firewall (any)
>>any | firewall (any) to internet
>>
>>any | firewall (any) to branche.lan
>>any | branche.lan to firewall (any)
>>any | main.lan to branche.lan
>>any | branche.lan to main.lan
>>
>>Test:
>>From Vuurmuur FW: ping 192.168.1.1 - nothing
>>From ADSL router: ping 10.10.0.1 - nothing
>>
>>in log racoon:
>>2011-07-11 17:40:53: INFO: IPsec-SA established: ESP/Tunnel 80.249.8*.*[0]->212.98.16*.*[0] spi=67667205(0x4088505)
>>2011-07-11 17:40:59: INFO: IPsec-SA established: ESP/Tunnel 212.98.16*.*[500]->80.249.8*.*[500] spi=128975639(0x7b00317)
>>
>>The tunnel is UP but ping doesn't work
>>
>>in Log Vuurmuur:
>>Jul 11 17:23:51: ACCEPT ipsec 80.249.8*.* -> firewall(inet_iface) (in: eth0 80.249.8*.*(00:1e:14:01:*:*):500 -> 212.98.16*.*(00:0c:29:b2:*:*):500 UDP len:108 ttl:61)
>>Jul 11 17:23:56: ACCEPT ping firewall(lan_iface) -> 192.168.1.1 (out: eth0 10.10.0.1 -> 192.168.1.1 ICMP type 8 code 0 len:84 ttl:64)
>>
>>What may be the problem?
>>
>
>------------------------------------------------------------------------------
>AppSumo Presents a FREE Video for the SourceForge Community by Eric
>Ries, the creator of the Lean Startup Methodology on "Lean Startup
>Secrets Revealed." This video shows you how to validate your ideas,
>optimize your ideas and identify your business strategy.
>http://p.sf.net/sfu/appsumosfdev2dev
>_______________________________________________
>Vuurmuur-users mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/vuurmuur-users