[Openswan Users] OpenSWAN behind shorewall -- keep getting ESP protocol denied at firewall

Brett Curtis dashnu.mutt at gmail.com
Tue Feb 6 13:57:01 EST 2007


Port 500, 4500 udp & proto 50 should all be in your prerouting table, DNATting
at the IP of your openswan machine.

Is this already the case?

-b

On 10:17 Tue 06 Feb, Brian Neu wrote:
> I'm supporting some Linksys BEFVP41 routers connecting back to an Openswan server.  
> 
> The server DID have a real IP, but had to be moved behind a Shorewall firewall with NAT.
> 
> Now the Linksys clients can actually connect, but then after an unknown event, stop working and the Shorewall firewall suddenly starts producing "REJECT" logs on protocol ESP at the external IP address, even though I have ESP DNAT'd to the Openswan server.  For the moments that the setup is working, the ESP REJECTs aren't happening.  Then suddenly, the connections fail and the msgs start coming.
> 
> I have posted to shorewall-users, and Tom is helping me out, but I wanted to see if anyone has a clue on this.  I just don't understand the protocols well enough to troubleshoot it and I'm under the gun to get a quick fix.
> 
> Thanks.
> 



-- 

Created with VIM & mutt.

If you've done six impossible things before breakfast, why not round it
off with dinner at Milliway's, the restaurant at the end of the universe?
		-- Douglas Adams, "The Restaurant at the End of the Universe"
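The rule set Brett describes, written out as an added example that is not part of this thread and not Shorewall's or Openswan's own code. It emits plain iptables commands that forward IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) from the firewall's public interface to the Openswan host, plus the matching FORWARD accepts that a default-drop firewall needs. The interface name `eth0` and the address `192.168.1.5` are placeholders chosen here, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print the netfilter rules that DNAT
# IKE, NAT-T and ESP from the firewall's external interface to the Openswan
# host behind it. Interface and addresses are placeholders; substitute your own.
set -eu

# ipsec_dnat_rules WAN_IF OPENSWAN_IP
# Prints one iptables command per line instead of executing it, so the rule
# set can be reviewed before it is applied (pipe the output to sh to apply).
ipsec_dnat_rules() {
    wan_if="$1"
    target="$2"
    # IKE (500) and NAT-T (4500) are UDP: rewrite the destination, then allow
    # the forwarded packet through the filter table.
    for port in 500 4500; do
        printf 'iptables -t nat -A PREROUTING -i %s -p udp --dport %s -j DNAT --to-destination %s\n' \
            "$wan_if" "$port" "$target"
        printf 'iptables -A FORWARD -i %s -p udp --dport %s -d %s -j ACCEPT\n' \
            "$wan_if" "$port" "$target"
    done
    # ESP has no ports, so the match is on the protocol alone. Without this
    # pair, raw ESP arriving at the public address hits the firewall's own
    # INPUT chain and is logged as rejected there.
    printf 'iptables -t nat -A PREROUTING -i %s -p esp -j DNAT --to-destination %s\n' \
        "$wan_if" "$target"
    printf 'iptables -A FORWARD -i %s -p esp -d %s -j ACCEPT\n' "$wan_if" "$target"
}

# Usage: sh ipsec-dnat.sh eth0 192.168.1.5        (review the output)
#        sh ipsec-dnat.sh eth0 192.168.1.5 | sh   (apply it, as root)
if [ "$#" -eq 2 ]; then
    ipsec_dnat_rules "$1" "$2"
fi
```

On a Shorewall box the same intent is normally expressed as DNAT entries in /etc/shorewall/rules rather than hand-written iptables, and a Shorewall DNAT rule generates both the nat and the FORWARD entries; the point of listing them explicitly here is that all three protocols, ESP included, must be present, or the ESP leg of an otherwise working tunnel ends up at the firewall's own INPUT chain.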


