[Openswan Users] Tunnels come up, but not all traffic goes through
Matt Harrell
matt at mattharrell.net
Tue Jun 8 16:42:47 CEST 2004
I should have mentioned that. I did change all references to ipsec0 to
eth1 (external NIC) in my iptables rules. Is that all there is to it?
Thanks.
>
> On Tue, 8 Jun 2004, Matt Harrell wrote:
>
>> I was running FreeSWAN 2.06 on FC1 to connect to 5 tunnels (subnets) to
>> work. This was working great. Then I upgraded to FC2 and started using
>> OpenSWAN (RPM package 2.1.2-1.fc2). I can get all of the tunnels to come
>> up, but not all types of traffic are making it to hosts at work. I can
>> ping anything just fine. I can SSH to a Linux server. However, just
>> about everything else I've tried fails, not getting past the work firewall
>> (I administer it). The work firewall has not changed, and all of this
>> worked just fine before the FC2 upgrade.
>
> You will need to update your firewall rules on the FC2 box. Note that FC
> 1 used a 2.4 kernel, so KLIPS (ipsec0 device) was still present. FC2 uses
> 2.6 kernel, with the native stack. So no more ipsec0 device, meaning
> you'll need to rewrite all of your firewall rules and remove references to
> ipsec0.
>
>> I'm using iptables/netfilter on my home Linux box. Is there something
>> different that needs to be done in iptables to get traffic like Terminal
>> Server (3389/tcp) to work through ipsec properly? The problem does not
>> appear to be with rule settings on the work firewall. I tried changing
>> the configuration of the VPN so that it does not use rules (i.e., it's
>> wide open), and the problem is still there.
>
> --
> Ken Bantoft VP Business Development
> ken at xelerance.com Xelerance Corporation
> sip://toronto.xelerance.com http://www.xelerance.com
>
> The future is here. It's just not evenly distributed yet.
> -- William Gibson
>
>
--
Matt Harrell
http://www.mattharrell.net
matt at mattharrell.net
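
Added example, not part of the original thread: a small Python audit for the rule rewrite discussed above, which parses `iptables-save` output and lists rules that still match on a KLIPS `ipsecN` device. The sample ruleset and the function name `find_klips_rules` are constructed for illustration.

```python
import re
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth1 -p esp -j ACCEPT
-A INPUT -i ipsec0 -s 192.0.2.0/24 -j ACCEPT
-A FORWARD -i eth0 -o ipsec+ -j ACCEPT
-A FORWARD ! -i ipsec0 -p tcp -m tcp --dport 3389 -j DROP
COMMIT
"""

KLIPS_IF = re.compile(r"^ipsec(\d+|\+)$")  # ipsec0, ipsec1, ... or wildcard ipsec+
IFACE_OPTS = {"-i": "in", "--in-interface": "in",
              "-o": "out", "--out-interface": "out"}

def find_klips_rules(ruleset):
    """Return (table, chain, direction, iface, negated) per rule matching on ipsecN."""
    findings, table = [], None
    for raw in ruleset.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", raw.strip())  # drop -c counters
        if line.startswith("*"):
            table = line[1:]
            continue
        if not line.startswith(("-A ", "-I ")):
            continue
        tokens = shlex.split(line)
        for pos, tok in enumerate(tokens):
            if tok not in IFACE_OPTS:
                continue
            args = tokens[pos + 1:pos + 3]
            old_neg = args[:1] == ["!"]                   # old syntax: -i ! ipsec0
            new_neg = pos > 0 and tokens[pos - 1] == "!"  # new syntax: ! -i ipsec0
            iface = (args[1:2] if old_neg else args[:1]) or [""]
            if KLIPS_IF.match(iface[0]):
                findings.append((table, tokens[1], IFACE_OPTS[tok],
                                 iface[0], old_neg or new_neg))
    return findings

if __name__ == "__main__":
    for table, chain, direction, iface, negated in find_klips_rules(SAMPLE_RULES):
        # Without the device, a plain match never fires; a negated one always does.
        effect = "matches every packet" if negated else "never matches"
        print(f"{table}/{chain}: {direction}-interface {iface} -> {effect}")
```

To audit a live box, pass the saved output of `iptables-save` to `find_klips_rules` in place of the constructed sample.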