[Shorewall-users] Shorewall, FreeS/WAN, and IPSEC
Wed, 2 Jan 2002 05:54:56 -0800
>sample setups of freeswan working with shorewall?
I just implemented this a few days ago. In my case it was the simple
scenario of two private subnets (with different private network numbers!)
already equipped with Shorewall firewalls on which I added Freeswan. The
hardest part was being patient enough for the other end's firewall (a 486
to compile the patched kernel. I basically followed the example in the
and the referenced IPSEC info at:
My shorewall config was taken directly from Tom's example at the URL above
Some random points though:
- I seem to recall earlier versions of the IPSEC.htm document had a typo
address in them.
- I had commented out the Gateway zone in my /etc/shorewall/zones since I
wasn't previously using it. Things worked a lot better when I put it back.
- To avoid changing/testing two things at once, I temporarily changed both
ends' Shorewall policy to "all all ACCEPT" just to make certain Shorewall
wouldn't get in the way. After I knew the IPSEC tunnel was working, I
changed the policy back to something sane.
- Don't forget that in your Policy and Rules you now have a new zone 'gw'.
My IPSEC config was only slightly altered from the example at the URL above
- I left 'interfaces=%defaultroute' so I could use the same file on both
- When the Freeswan installation created the RSA key pairs for me, the
public key was NOT in hex. Therefore, I dropped the leading '0x' shown in
the jixen.tripod.com example.
- [left|right]nexthop is the respective machine's default gateway. Freeswan
needs this to set up routing correctly.
I hope this helps,
Shorewall-users mailing list
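Two of the points above are easy to leave behind by accident: the temporary "all all ACCEPT" policy used while bringing the tunnel up, and a gateway zone that is still commented out of /etc/shorewall/zones while the policy file already refers to it. The following is an added example, not code from the post or from the Shorewall project: a small checker that reads the zones and policy files and reports both conditions. It assumes the Shorewall 1.x-era plain-text layout (whitespace-separated columns, '#' comments, zones columns ZONE DISPLAY COMMENTS, policy columns SOURCE DEST POLICY [LOG LEVEL]) and that the firewall's own zone is called 'fw'; the file contents are constructed inline.

```python
# Added example, not from the mailing-list post or the Shorewall project.
# Assumed file layout (Shorewall 1.x era): whitespace-separated columns,
# '#' starts a comment, zones columns ZONE DISPLAY COMMENTS, policy columns
# SOURCE DEST POLICY [LOG LEVEL]. The firewall's own zone name comes from
# shorewall.conf rather than the zones file; 'fw' is assumed here.

FIREWALL_ZONE = "fw"  # assumption: the FW= setting in shorewall.conf


def parse_columns(text):
    """Split a Shorewall table file into rows of columns, dropping comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_names(zones_text):
    """Zone names defined in the zones file (first column of each row)."""
    return {row[0] for row in parse_columns(zones_text)}


def check_policy(zones_text, policy_text, gw_zone="gw"):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    zones = zone_names(zones_text)
    if gw_zone not in zones:
        findings.append(f"zone '{gw_zone}' is not defined in zones (commented out?)")

    referenced = set()
    for row in parse_columns(policy_text):
        if len(row) < 3:
            findings.append("malformed policy line: " + " ".join(row))
            continue
        src, dst, action = row[0], row[1], row[2].upper()
        referenced.update((src, dst))
        # The debug-time policy from the post: fine while testing the tunnel,
        # wrong once the tunnel is known to work.
        if src == "all" and dst == "all" and action == "ACCEPT":
            findings.append("debug-time policy 'all all ACCEPT' is still in place")
        for z in (src, dst):
            if z != "all" and z != FIREWALL_ZONE and z not in zones:
                findings.append(f"policy references undefined zone '{z}'")

    if gw_zone in zones and gw_zone not in referenced and "all" not in referenced:
        findings.append(f"zone '{gw_zone}' is defined but no policy mentions it")
    return findings


# Constructed sample files mirroring the setup described in the post.
ZONES = """\
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local network
gw      Gateway   IPSEC gateways (ipsec0)
"""

ZONES_NO_GW = """\
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local network
#gw     Gateway   IPSEC gateways (ipsec0)
"""

DEBUG_POLICY = """\
#SOURCE DEST   POLICY  LOG LEVEL
all     all    ACCEPT
"""

SANE_POLICY = """\
#SOURCE DEST   POLICY  LOG LEVEL
loc     net    ACCEPT
loc     gw     ACCEPT
gw      loc    ACCEPT
net     all    DROP    info
all     all    REJECT  info
"""

if __name__ == "__main__":
    for name, z, p in (("debug", ZONES, DEBUG_POLICY),
                       ("sane", ZONES, SANE_POLICY),
                       ("no-gw", ZONES_NO_GW, SANE_POLICY)):
        print(name, check_policy(z, p) or "ok")
```

Running it prints one finding for the debug policy, nothing for the sane policy, and three findings when the gateway zone is commented out (the missing definition plus the two policy lines that refer to it). On a real box the two text constants would be replaced by the contents of /etc/shorewall/zones and /etc/shorewall/policy.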