[Openswan Users] Trouble establishing tunnel (Prashanth Ninan)
Lubomír Klubus
lubomir.klubus at orgrez.cz
Wed Feb 16 14:09:57 CET 2005
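# iptables fragment for an Openswan gateway that uses the ipsec0 interface.
# It admits IKE and ESP/AH on the gateway itself, then forwards traffic
# between the tunnel and the LAN through a dedicated "vpn" chain.
#
# ww.xx.yy.zz and aa.bb.cc.dd are placeholders from the original post;
# replace them with real addresses before use.

# Shell assignments take a bare name on the left-hand side; the original
# "${IPFW}=..." and "$LAN_INTERFACE= ..." forms are not assignments.
IPFW=/sbin/iptables
LAN_INTERFACE=eth0   # placeholder: set to the LAN-facing interface (eth0 or eth1)

# --- Traffic addressed to the gateway ------------------------------------
# NOTE(review): these rules match on protocol and port only, so any host can
# reach the IKE daemon and send ESP/AH. If the peer has a fixed address,
# narrow them with -s <peer-address>.
"${IPFW}" -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT          # IKE
# NOTE(review): a peer behind NAT usually has its source port rewritten, so
# the --sport match below may need to be dropped when enabling NAT-T - verify.
#"${IPFW}" -A INPUT -p udp --sport 4500 --dport 4500 -j ACCEPT #NAT-T
#"${IPFW}" -A INPUT -p udp --sport 1701 --dport 1701 -j ACCEPT #L2TP
"${IPFW}" -A INPUT -p 50 -j ACCEPT                                   # ESP
"${IPFW}" -A INPUT -p 51 -j ACCEPT                                   # AH

# --- Traffic originating from the gateway --------------------------------
# IKE runs over UDP; the original used "-p tcp" here, which never matches
# outbound IKE and is inconsistent with the INPUT rule above.
"${IPFW}" -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT         # IKE
#"${IPFW}" -A OUTPUT -p udp --sport 4500 --dport 4500 -j ACCEPT #NAT-T
#"${IPFW}" -A OUTPUT -p udp --sport 1701 --dport 1701 -j ACCEPT #L2TP
"${IPFW}" -A OUTPUT -p 50 -j ACCEPT                                  # ESP
"${IPFW}" -A OUTPUT -p 51 -j ACCEPT                                  # AH

# --- Per-tunnel allow list -----------------------------------------------
# Only the address pairs listed here are accepted; anything else returns to
# FORWARD and is decided by later rules or the chain policy (not shown).
"${IPFW}" -N vpn
"${IPFW}" -A vpn -s ww.xx.yy.zz -d aa.bb.cc.dd -j ACCEPT
"${IPFW}" -A vpn -s aa.bb.cc.dd -d ww.xx.yy.zz -j ACCEPT
# ... (further rules elided in the original post)

# --- Forwarding between the tunnel and the LAN ---------------------------
"${IPFW}" -A FORWARD -i ipsec0 -o "$LAN_INTERFACE" -j vpn
"${IPFW}" -A FORWARD -i "$LAN_INTERFACE" -o ipsec0 -j vpn
# The original omitted "-o" before ipsec0, which iptables rejects as a stray
# argument.
# NOTE(review): loopback traffic normally traverses INPUT/OUTPUT rather than
# FORWARD - confirm these two rules are needed at all.
"${IPFW}" -A FORWARD -i lo -o ipsec0 -j ACCEPT
"${IPFW}" -A FORWARD -i ipsec0 -o lo -j ACCEPT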
Lubomir Klubus