On Wednesday, 13. February 2002 19:06, you wrote:
Has anyone successfully set up VPN with Susefirewall2 with ESP+AH? And where can I find some docs or howtos on this?
www.freeswan.org is a good place to start. The next question is, do you want to tunnel a private network, e.g. 192.168.1.0/24 to 192.168.2.0/24? Then you want to put ipsec0 into FW_DEV_INT. Important is to let udp port 500 open (for the key exchange protocol) as well as IP protocols 50 and 51 (for ESP or AH, respectively): FW_SERVICES_EXT_UDP="500" FW_SERVICES_EXT_IP="50 51" Read the freeswan documentation very carefully. Do not use freeswan versions 1.93 and 1.94 (recommended is 1.91 or 1.95, though it is not clear if 1.95 has still a little bug left, if I understand the discussions correctly...) Robert