[Openswan Users] Tunnels come up, but not all traffic goes through
Ken Bantoft
ken at xelerance.com
Tue Jun 8 22:04:04 CEST 2004
On Tue, 8 Jun 2004, Matt Harrell wrote:
> I was running FreeSWAN 2.06 on FC1 to connect to 5 tunnels (subnets) to
> work. This was working great. Then I upgraded to FC2 and started using
> OpenSWAN (RPM package 2.1.2-1.fc2). I can get all of the tunnels to come
> up, but not all types of traffic are making it to hosts at work. I can
> ping anything just fine. I can SSH to a Linux server. However, just
> about everything else I've tried fails, not getting past the work firewall
> (I administer it). The work firewall has not changed, and all of this
> worked just fine before the FC2 upgrade.
You will need to update your firewall rules on the FC2 box. Note that FC1
used a 2.4 kernel, so KLIPS (ipsec0 device) was still present. FC2 uses a
2.6 kernel, with the native stack. So no more ipsec0 device, meaning
you'll need to rewrite all of your firewall rules and remove references to
ipsec0.
> I'm using iptables/netfilter on my home Linux box. Is there something
> different that needs to be done in iptables to get traffic like Terminal
> Server (3389/tcp) to work through ipsec properly? The problem does not
> appear to be with rule settings on the work firewall. I tried changing
> the configuration of the VPN so that it does not use rules (i.e., it's
> wide open), and the problem is still there.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
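
An added example, not part of the original post: a shell helper that lists the rules in `iptables-save` output that still match on a KLIPS `ipsecN` interface, which are the rules the reply says must be rewritten on a 2.6 native-stack kernel. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump for rules that still name a KLIPS ipsecN device.
# On a kernel without KLIPS there is no ipsec0, so these rules never match.

# Constructed sample ruleset (not taken from the original post).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT
-A INPUT -i ipsec0 -p tcp --sport 3389 -j ACCEPT
-A FORWARD -i eth1 -o ipsec0 -j ACCEPT
-A FORWARD -i ipsec+ -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print "table:lineno:rule" for every
# rule whose in/out interface match is ipsecN or the wildcard ipsec+.
find_klips_rules() {
  awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter", "*nat", ...
    /^-A / {
      for (i = 1; i < NF; i++) {
        isif = ($i == "-i" || $i == "-o" ||
                $i == "--in-interface" || $i == "--out-interface")
        if (isif && $(i + 1) ~ /^ipsec([0-9]+|[+])$/) {
          printf "%s:%d:%s\n", table, NR, $0
          break                              # report each rule once
        }
      }
    }'
}

# Number of stale rules found on stdin.
count_klips_rules() { find_klips_rules | wc -l | tr -d ' '; }

# Stand-alone run: audit the constructed sample.
sample_rules | find_klips_rules
```

On a live system the same function can read the running ruleset with `iptables-save | find_klips_rules`.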