Jonathan Baxter wrote:
Hallelujah. It works.
I changed:
FW_FORWARD="192.168.1.0/24,192.168.200.0/24,,,ipsec \
    192.168.200.0/24,192.168.1.0/24,,,ipsec"
to:
FW_FORWARD="192.168.1.0/24,192.168.200.0/24 \
    192.168.200.0/24,192.168.1.0/24"
i.e., dropped the "ipsec" flag.
The documentation in SuSEfirewall2 seems to imply that the ipsec flag should be there, so maybe this is a bug:

No it's a feature :-) The flag prevents network traffic from leaking to the outside network in case the tunnel goes down.

Does it work with ipsec flag if you change
    IPSEC_MATCH="-m policy --dir in --pol ipsec --proto esp"
to
    IPSEC_MATCH="-m policy --pol ipsec --proto esp"
in /sbin/SuSEfirewall2?

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/