[Shorewall-newbies] VPN FYI

Skip spalin at montana.com
Sun Mar 7 14:03:16 PST 2004

This is for anyone having trouble with a VPN behind Shorewall.
I had been working on trying to get a VPN behind Shorewall to work for
two days.
Network was setup as
Tried everything in the book to get it to work, nothing was working.
I did a snoop on eth0 and the VPN was trying to go to,
don't know if this was do to the firewall on the other end having on qfe2 or what.
So I changed the network behind Shorewall to
DNAT    net:checkpoint-firewall  loc:       esp     -
DNAT    net:checkpoint-firewall loc:       ah      -
DNAT    net:checkpoint-firewall  loc:       udp     isakmp
VPN came up and started working.
I am send this as a FYI so that someone else won't have to pull their
hair out like I did.

More information about the Shorewall-newbies mailing list