I set up a firewall/gt/vpn machine with SuSE 8.0 and SuSE Firewall2. IPSec works fine, connection established. Connections to ssh and ftp from external are ok. Now when I try to ping an external address from the internal LAN (not from this machine) I get the following message:

Aug 1 13:28:22 transfairix kernel: SuSE-FW-UNAUTHORIZED-ROUTING IN=eth1 OUT=eth0 SRC=10.10.13.152 DST=10.75.0.110 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=24367 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=24093

Both IPs are located within the VPN subnets for FreeS/WAN. Without the firewall it works. What's wrong with my firewall config?
Assuming you're running freeswan to set up ipsec, shouldn't the route to your vpn subnet go across ipsecX and not across eth0?

route add -net 10.75.0.0 netmask 255.255.0.0 ipsecX

Check netstat -rn for the kernel routing table. As I recall the thing is called eroute in freeswan. Did you mention the whole subnet in ipsec.conf or just the hosts? I'm not sure, but maybe you have to set FW_ALLOW_CLASS_ROUTING="yes"

Yours Michael
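The check Michael suggests (look at netstat -rn and see which interface the kernel would pick for the far VPN subnet) can be done mechanically. The script below is an added example, not part of the original thread and not FreeS/WAN or SuSEfirewall2 code: it takes the text of `netstat -rn`, does the same longest-prefix match the kernel does, and reports whether a destination would leave via an ipsecX interface or leak out a physical one, which is what the log line's OUT=eth0 shows. The two routing tables are constructed for illustration, and "ipsec0" is an assumed interface name standing in for the thread's "ipsecX".

```shell
#!/bin/sh
# Added example (not from the original thread): given the output of `netstat -rn`,
# find the interface the kernel would use for a destination (longest-prefix match)
# and check whether traffic for a VPN subnet enters an ipsecX interface or leaks
# out a physical one.  Routing tables below are constructed, not real captures;
# "ipsec0" is an assumed name for the thread's "ipsecX".

# What the questioner's box looks like: nothing points 10.75.0.0/16 at the tunnel,
# so LAN pings follow the default route out eth0 in the clear, and SuSEfirewall2
# logs them as SuSE-FW-UNAUTHORIZED-ROUTING instead of IPsec carrying them.
ROUTES_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.13.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0'

# The same table after:  route add -net 10.75.0.0 netmask 255.255.0.0 ipsec0
ROUTES_AFTER="$ROUTES_BEFORE
10.75.0.0       0.0.0.0         255.255.0.0     U         0 0          0 ipsec0"

# route_iface TABLE DEST -> prints the Iface of the most specific matching route.
# For a contiguous netmask, 2^32 - mask == 2^(32 - prefixlen), so two addresses
# share a network iff int(a/span) == int(b/span); the smallest span wins, i.e.
# the longest prefix.  This avoids the bitwise operators POSIX awk does not have.
route_iface() {
    printf '%s\n' "$1" | awk -v dst="$2" '
        function ip2int(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
        BEGIN { d = ip2int(dst); best = 4294967297; iface = "" }
        $3 ~ /^[0-9.]+$/ {                      # skip the two header lines
            span = 4294967296 - ip2int($3)
            if (int(ip2int($1) / span) == int(d / span) && span < best) {
                best = span; iface = $8
            }
        }
        END { print iface }'
}

# vpn_route_ok TABLE DEST -> "ok" when the route goes via an ipsec interface,
# otherwise "leak:<iface>" (the symptom in the log line above: OUT=eth0).
vpn_route_ok() {
    iface=$(route_iface "$1" "$2")
    case "$iface" in
        ipsec*) echo "ok" ;;
        "")     echo "leak:none" ;;
        *)      echo "leak:$iface" ;;
    esac
}

vpn_route_ok "$ROUTES_BEFORE" 10.75.0.110   # leak:eth0
vpn_route_ok "$ROUTES_AFTER"  10.75.0.110   # ok
```

On the real box you would feed it live output, e.g. `vpn_route_ok "$(netstat -rn)" 10.75.0.110`, and a `leak:` result means the firewall is right to complain: the packet never reached the tunnel, so the fix is the route (or the eroute FreeS/WAN installs for the subnet in ipsec.conf), not a looser firewall rule.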