[Shorewall-newbies] will not pass vpn's

Skip Palin spalin at montana.com
Wed Dec 17 05:48:29 PST 2003

Hi all,
Shorewall 1.4.8
Iptables 1.2.7a
RH 9 Kernel-2.4.23

My problem is that we have an xp-box (VPN is Checkpoint NG) and an
nt-box (VPN is Fort Knox) that need to vpn in to two different sites, and
so far it is not working.
Compiled the kernel with AH, ESP and Linux FreeS/WAN 2.04.
I do an ipsec verify and get:
Checking your system to see if IPsec got installed and started
Version check and ipsec on-path					[OK]
Linux FreeS/WAN 2.04
Checking for KLIPS support in kernel				[OK]
Checking for RSA private key (/etc/ipsec.secrets)
Checking that pluto is running
Two or more interfaces found, checking IP forwarding		[OK]
Checking NAT and MASQUERADEing

Opportunistic Encryption DNS checks:
Looking for TXT in forward map: (firewall)
Does the machine have at least one non-private address?		[FAILED]
I have two interfaces and one does have a public IP.

NG did exchange keys and so did Fort Knox.
NG sends isakmp SYNs to port 500 to the remote, so I opened ports 50, 51
and 500 tcp and udp; it still will not work.
If I take the firewall out of the equation it works fine.
I have gone over everything so many times that what I am missing is
right there in front of me, but it all looks correct.
Any help to steer me in the right direction would be appreciated.

