WG: AW: WG: [Shorewall-users] proxyarp <--> OpenSwan VPN/Internet

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I=B4ve figured out the following.=20

I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) =
to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp

x.x.x.14   eth2            eth0            No

very well. That=B4s not through a tunnel (of course a ssh tunnel, but no =
vpn)
but with public ip x.x.x.14 to x.x.x.11

If I try to sftp through the fw to the public internet I have the same
problems as mentioned before.=20

I am able to read/write my providers router config. I=B4ts a cisco and I =
found
mtu 1456 and encapsulation ppp.

The solution still seems to be far away. I have many facts, but I =
don=B4t know
where they have to fit.=20

My dmz host doesn=B4t like talking to the internet. Talking to fw and to =
local
works very well.=20

I will go on trying and changing mtu, mss and some other things.=20

If there is any idea left, please let me know. Thanks in anvance. =20

Cheers
Mike

-----Urspr=FCngliche Nachricht-----
Von: in...@kw... [mailto:in...@kw...]=20
Gesendet: Dienstag, 7. Februar 2006 21:18
An: 'sho...@li...'
Betreff: AW: AW: WG: [Shorewall-users] proxyarp <--> OpenSwan =
VPN/Internet

Shorewall 2.4.2 on left vpn gate with ip x.x.x.14
Shorewall 2.4.1 on right gate with ip y.y.y.212
Shorewall 2.4.1 on fw with ip x.x.x.11 and /etc/shorewall/proxyarp =
x.x.x.14
eth2            eth0            No

I don=B4t know any IPSEC settings in /etc/shorewall/sohrewall.conf. I =
only
know about /etc/shorewall/ipsec and tried out many things like this.

vpn     yes     mode=3Dtunnel             mss=3D1300(1400/1500)
mss=3D1300(1400/1500)

At this point I don=B4t think that it has anything to do with
/etc/shorewall/ipsec, openswan or anything from the vpn. The troubles =
are
always present if I start transfer jobs from x.x.x.14 (through the =
tunnel
and through the public internet) which is configured in
/etc/shorewall/proxyarp in another box with ip x.x.x.11. x.x.x.11 is the =
one
which is connected to my sdsl provider.=20

Cheers
Mike

-----Urspr=FCngliche Nachricht-----
Von: sho...@li...
[mailto:sho...@li...] Im Auftrag von Tom
Eastep
Gesendet: Dienstag, 7. Februar 2006 16:13
An: sho...@li...
Betreff: Re: AW: WG: [Shorewall-users] proxyarp <--> OpenSwan =
VPN/Internet

On Tuesday 07 February 2006 07:01, in...@kw... wrote:
> I=B4ve tried to play with mss values in /et	c/shorewall/ipsec
>
> vpn     yes     mode=3Dtunnel             =
mss=3D1400(1500,1384,1416,1452,1344)

Which version of Shorewall are you running and what is your setting for=20
IPSECFILE (if any) in /etc/shorewall/shorewall.conf?

>
> After all I decided to leave /etc/shorewall/ipsec empty. Further the
> problem seems to be out of the tunnel, too. I think ipsec file won=B4t =
help
> with issues out of the ipsec tunnel.
>

That's exactly what it's for!

-Tom
--=20
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log =
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=103432&bid#0486&dat=121642
_______________________________________________
Shorewall-users mailing list
Sho...@li...
https://lists.sourceforge.net/lists/listinfo/shorewall-users