[Shorewall-newbies] will not pass vpn's

Francesca C. Smith fsmith at ladylinux.com
Wed Dec 17 13:07:41 PST 2003


Hello,

Please post your configurations ...

Francesca
On Wed, 2003-12-17 at 07:48, Skip Palin wrote:
> Hi all,
>=20
> Shorewall 1.4.8
>=20
> Iptables 1.2.7a
>=20
> RH 9 Kerenl-2.4.23
>=20
> My problem is, that we have an xp-box (VPN is Checkpoint NG) and an
> nt-box (VPN is Fort Knox) that need to vpn in to two different sits
> and so far it is not working.
>=20
> Compiled the kernel with AH,ESP and Linux FreeS/WAN 2.04.
>=20
> I do an ipsec verify and get=20
>=20
> Checking your system to see if IPsec got installed and started
> correctly:
>=20
> Version check and ipsec on-path                                 [OK]
>=20
> Linux FreeS/WAN 2.04
>=20
> Checking for KLIPS support in kernel                            [OK]
>=20
> Checking for RSA private key (/etc/ipsec.secrets)             =20
> [OK]
>=20
> Checking that pluto is
> running                                                  [OK]
>=20
> Two or more interfaces found, checking IP forwarding            [OK]
>=20
> Checking NAT and MASQUERADEing
>=20
> Opportunistic Encryption DNS checks:
>=20
> Looking for TXT in forward map: (firewall)                    =20
> [MISSING]
>=20
> Does the machine have at least one non-private address?       =20
> [FAILED]
>=20
> I have two interfaces and one does have a public IP
>=20
> NG did exchange keys and so did fort Knox.
>=20
> NG sends isakmp SYN=E2=80=99s to port 500 to the remote, so I opened po=
rt
> 50,51 and 500 tcp and udp, still will not work.
>=20
> If I take the firewall out of the equation it works fine.
>=20
> I have gone over everything so many times that, what I am missing is
> right there in front of me but it all looks correct.
>=20
> Any help to steer me in the right direction would be appreciated.
>=20
> Skip
>=20
> =20
>=20
>=20
>=20
>=20
> ______________________________________________________________________
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/sho=
rewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm



More information about the Shorewall-newbies mailing list