[suse-security] SuSEfirewall2 and VPN
From: Christian Wittmer (chris computersalat.de)
Date: Mon Sep 04 2006 - 16:52:02 CDT
Hi list-users,
I'm trying to set up SuSEfirewall2 (SuSE 9.3) to work with IPSEC, but with no
success.
The tunnel is up, but packets that should go through the tunnel did not go through.
Any help would be appreciated.
Here is some info about my config:
I'm using DSL with fixed IP.
VARS from SuSEfirewall2:
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0 eth1" # eth0 192.168.101.0/24
FW_MASQ_NETS="192.168.101.0/24 172.16.17.0/29 0/0,!192.168.2.0/24"
FW_SERVICES_EXT_UDP="37 53 123 500 873 922 2401 4500"
FW_SERVICES_EXT_IP="esp"
FW_FORWARD="\
172.16.17.0/29,192.168.101.0/24,ICMP \
192.168.101.0/24,172.16.17.0/29,ICMP \
172.16.17.0/29,192.168.101.220,tcp,19226 \
192.168.101.220,172.16.17.0/29,tcp,19226 \
192.168.101.0/24,192.168.2.0/24,,,ipsec \
192.168.2.0/24,192.168.101.0/24,,,ipsec \
192.168.101.0/24,192.168.68.0/24,,,ipsec \
192.168.68.0/24,192.168.101.0/24,,,ipsec"
FW_IPSEC_TRUST="no"
##################
hades:/etc/sysconfig # iptables -L -n -t nat
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.101.0/24 0.0.0.0/0
MASQUERADE all -- 172.16.17.0/29 0.0.0.0/0
MASQUERADE all -- 0.0.0.0/0 !192.168.2.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
##################
hades:/etc/sysconfig # setkey -D
xxx.xxx.xxx.188 xxx.xxx.xxx.138
esp mode=tunnel spi=3117414419(0xb9cff813) reqid=16385(0x00004001)
E: 3des-cbc 334fec87 9c497e97 2ee43f9b d70dfe2a 65ae72e0 cb08c64b
A: hmac-md5 177d6696 9e1143ec 102ec467 f2e8d9bf
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Sep 4 18:29:37 2006 current: Sep 4 21:36:02 2006
diff: 11185(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=28506 refcnt=0
xxx.xxx.xxx.138 xxx.xxx.xxx.188
esp mode=tunnel spi=2811047203(0xa78d2d23) reqid=16385(0x00004001)
E: 3des-cbc 47767294 28a98de2 34a641be e1606fcc 16837566