[Openswan Users] openswan 2.6.18 klips with 2.6.24 - is nat-t patch necessary?
Peter McGill
petermcgill at goco.net
Tue Nov 18 08:48:33 EST 2008
Jorge,
Those iptables settings will block any incoming traffic; this includes
the IPSec traffic.
You need to add rules to ACCEPT INPUT and FORWARD on ipsec0, and
ACCEPT protocol 50 and udp port 500 on the public interface.
Peter
Jorge Santos wrote:
> Hi
>
> I just patched kernel 2.6.24.7-rt21.1.fc9.ccrma from planet ccrma srpm
> with klips 2.6.18. When using netkey, I am able to pass traffic to
> my enc domain, but when I use klips, with no iptables rules and
> iptables -P INPUT DROP, iptables -P FORWARD DROP, iptables -P OUTPUT
> ACCEPT, I ping from the rw to the enc domain, but no reply comes back.
> Any suggestions?
>
> TIA
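
The rules described in Peter's reply, written out as an added example that is not part of the original thread. The function name `klips_fw_rules` and the interface names `eth0`/`ipsec0` are hypothetical; the optional UDP 4500 (NAT-T) rule and the outbound FORWARD rule are assumptions that go beyond what the reply states.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables rules the reply
# describes for a KLIPS gateway whose INPUT and FORWARD policies are DROP.
# Interface names are assumptions; pass your own.

# klips_fw_rules PUBLIC_IF IPSEC_IF [natt]
# Prints one iptables command per line; nothing is applied by this function.
klips_fw_rules() {
    pub=$1 ipsec=$2 natt=${3:-}
    # Reject anything that is not a plain interface name, because the
    # output is meant to be reviewed and then piped to a shell.
    for ifname in "$pub" "$ipsec"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done
    # Public side: IKE (UDP 500) and ESP (IP protocol 50), still encrypted.
    echo "iptables -A INPUT -i $pub -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $pub -p 50 -j ACCEPT"
    # Assumption beyond the reply: NAT-T carries ESP inside UDP 4500.
    if [ "$natt" = natt ]; then
        echo "iptables -A INPUT -i $pub -p udp --dport 4500 -j ACCEPT"
    fi
    # KLIPS side: decrypted packets show up on the ipsecN interface.
    echo "iptables -A INPUT -i $ipsec -j ACCEPT"
    echo "iptables -A FORWARD -i $ipsec -j ACCEPT"
    # Assumption: replies from the protected network leave via ipsecN, so
    # with FORWARD policy DROP the outbound direction is needed as well.
    echo "iptables -A FORWARD -o $ipsec -j ACCEPT"
}

# Print rules when called with arguments, e.g.: sh klips-fw.sh eth0 ipsec0
if [ "$#" -ge 2 ]; then
    klips_fw_rules "$@"
fi
```

Review the printed rules before applying them; accepting everything on `ipsec0` trusts every tunnel peer, so narrow the rules with `-s`/`-d` where the remote subnets are known.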