[Shorewall-newbies] VPN FYI

Skip spalin at montana.com
Sun Mar 7 14:03:16 PST 2004


This is for anyone having trouble with a VPN behind Shorewall.
I had been working on trying to get a VPN behind Shorewall to work for
two days.
Network was set up as 192.168.1.0/24
Tried everything in the book to get it to work, nothing was working.
I did a snoop on eth0 and the VPN was trying to go to 192.168.101.1,
don't know if this was due to the firewall on the other end having
192.168.101.1 on qfe2 or what.
So I changed the network behind Shorewall to 192.168.254.0/24
Added
DNAT    net:checkpoint-firewall    loc:192.168.254.2    esp    -         -
DNAT    net:checkpoint-firewall    loc:192.168.254.2    ah     -         -
DNAT    net:checkpoint-firewall    loc:192.168.254.2    udp    isakmp    -
VPN came up and started working.
I am sending this as an FYI so that someone else won't have to pull their
hair out like I did.
 
Skip

