[Shorewall-newbies] VPN FYI
spalin at montana.com
Sun Mar 7 14:03:16 PST 2004
This is for anyone having trouble with a VPN behind Shorewall.
I had been working on trying to get a VPN behind Shorewall to work for
Network was setup as 192.168.1.0/24
Tried everything in the book to get it to work, nothing was working.
I did a snoop on eth0 and the VPN was trying to go to 192.168.101.1,
don't know if this was do to the firewall on the other end having
192.168.101.1 on qfe2 or what.
So I changed the network behind Shorewall to 192.168.254.0/24
DNAT net:checkpoint-firewall loc:192.168.254.2 esp -
DNAT net:checkpoint-firewall loc:192.168.254.2 ah -
DNAT net:checkpoint-firewall loc:192.168.254.2 udp isakmp
VPN came up and started working.
I am send this as a FYI so that someone else won't have to pull their
hair out like I did.
More information about the Shorewall-newbies