[Shorewall-users] Solved ! another ipsec(frees/wan and shorewall question:host to host(router)vpn and internet access

cmisip cmisip at insightbb.com
Sun Aug 3 13:50:03 PDT 2003


Thank You very much for your time and effort.  I have managed to
successfully bring up the ipsec tunnel between the laptop and the
linuxrouter and now all wireless communication is encrypted even for
packets destined for the internet.  It was not a configuration issue in
shorewall at all but with ipsec.conf.  I did not supply a rightsubnet in
the laptop ipsec.conf and a leftsubnet in the linuxrouter ipsec.conf.  I
thought I did not need this in a host to host vpn setup.  It turns out
that this setting controls what of the remote network you are able to
access.  Omitting this sets the default rightsubnet on the laptop to
point to just the linuxrouter and so packets destined for the internet
are dropped by the ipsec connection and not forwarded to shorewall for
masquerading.  I set the laptop rightsubnet and the linuxrouter
leftsubnet to "0.0.0.0/0 and brought the tunnel up.  I ran into another
snag, apparently, there is a problem with one of the default conns of
freeswan, specifically the conn-private-or-clear.  It is preventing me
from setting the eroute to "0.0.0.0/0".  I specified the conn
private-or-clear in ipsec.conf and set auto=ignore just to override it. 
Now the tunnel can be brought up without any errors and internet access
is possible and encrypted. I setup a couple of other tunnels for the
other machines in the lan and now all wireless communication is
encrypted.  Thank You Again.





More information about the Shorewall-users mailing list