[Shorewall-users] IPSEC VPN & Shorewall

Emmett Hogan shorewall@lexielou.com
Tue, 22 Jan 2002 10:25:55 -0800

Content-Type: text/plain; x-avg-checked=avg-ok-44416D3C; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 8bit

Hi Folks,

I am trying to set up an IPSEC VPN with Gauntlet on one end and a IPTABLES 
based firewall on the other.  Needless to say, I went the smart route and 
am using SHOREWALL on the my Linux box.

I put the following entry into my /etc/shorewall/tunnels files (The ip 
addresses have been changed to protect the innocent):

# TYPE          ZONE    GATEWAY         GATEWAY ZONE
ipsec           net

Where is the GAUNTLET box.

Now, there are several RFC1918 address blocks behind that router, 
should I create a zone which contains all those blocks and put that in the 
"GATEWAY ZONE" parameter?

Also, I read in the IPSEC docs that the "tunnelled" packets should NOT be 
masq'ed.  Is that correct?

The SHOREWALL firewall is protecting another 192.168 address block (that is 
NOT being used on the other side of

Also, how does one handle DNS so that addresses on the other side of the 
tunnel can be resolved?

Any help (pointers to docs), etc would be GREATLY appreciated.



Content-Type: text/plain; charset=us-ascii; x-avg=cert; x-avg-checked=avg-ok-44416D3C
Content-Disposition: inline

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.314 / Virus Database: 175 - Release Date: 1/11/2002