[Openswan Users] OpenSWAN behind shorewall -- keep getting ESP protocol denied at firewall

Brian Neu proclivity76 at yahoo.com
Tue Feb 6 13:17:06 EST 2007


I'm supporting some Linksys BEFVP41 routers connecting back to an Openswan server.  

The server DID have a real IP, but had to be moved behind a Shorewall firewall with NAT.

Now the Linksys clients can actually connect, but then after an unknown event, it stops working and the Shorewall firewall suddenly starts producing "REJECT" logs on protocol ESP at the external IP address, even though I have ESP DNAT'd to the Openswan server.  For the moments that the setup is working, the ESP REJECTs aren't happening.  Then suddenly, the connections fail and the messages start coming.

I have posted to shorewall-users, and Tom is helping me out, but I wanted to see if anyone has a clue on this.  I just don't understand the protocols well enough to troubleshoot it and I'm under the gun to get a quick fix.

Thanks.
