[Shorewall-users] 2.6 kernel ipsec and shorewall

Tom Eastep teastep at shorewall.net
Wed Sep 22 13:29:49 PDT 2004


On Wednesday 22 September 2004 12:04, Jonathan Schneider wrote:
> I set up an ipsec/racoon vpn tunnel test environment.  The gateway machines
> are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and
> 10.0.2.1 internally.  The test workstations are 10.0.1.10 and 10.0.2.10.
>
> The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 an
> vice versa and they can both use the net via NAT, however 192.168.0.30 and
> 192.168.0.31 cannot directly talk and neither workstation can directly talk
> to those 2 IP addresses either.  I carefully read through
> http://shorewall.net/IPSEC.htm to get it working to the extent that it is.
> I am not sure if the fix lies in the ipsec/racoon configs or shorewall but
> I have pretty much run out of ideas.

If you "shorewall clear", does it work? If not, it is an ipsec/racoon issue.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


More information about the Shorewall-users mailing list