Routing IPSec through SuSEFirewall2
Hello,

I have the following configuration:

    Internet-Connection
            |
            |
    eth0 (official IP)
       Linux-Server
    eth1 (private IP)
            |
            |
    Home LAN with private IPs

On the Linux-Server the SuSEFirewall2 is activated. It does Masquerading and protects my Linux-Server and my internal LAN.

Now I want to connect a Notebook with an IPSec VPN-Client to my Home LAN, since I have to connect to an Office LAN's VPN-Server over the Internet. I don't need IPSec on the Linux-Server itself, I just want to route the IPSec traffic through the Linux-Server. I was told the IPSec-Client on the Notebook works with Masquerading.

Is there anything special I have to configure in /etc/sysconfig/SuSEFirewall2? My first tests didn't succeed. If necessary I can post my /etc/sysconfig/SuSEFirewall2 here.

Thank You and Regards,
Oliver.
Oliver Stettner wrote:
| Is there anything special I have to configure in
| /etc/sysconfig/SuSEFirewall2? My first tests didn't succeed. If necessary
| I can post my /etc/sysconfig/SuSEFirewall2 here.

Hi Oliver,

you don't have to configure anything special. But you have to ensure that your connection partner does not send IP packets with the "do not fragment" IP header set when connecting your LAN with DSL to the Internet. I had the problem that I could establish the tunnel but no data packets were received by my firewall. Only an upgrade of the VPN-Server solved that problem.

Regards
Andreas
Hi Andreas,
| Is there anything special I have to configure in
| /etc/sysconfig/SuSEFirewall2? My first tests didn't succeed.
| If necessary I can post my /etc/sysconfig/SuSEFirewall2
| here.

you don't have to configure anything special.

Right. This time I succeeded. The VPN-Server at the office I tried to connect to had a problem the first time I tried. Now it works great! :-)

Thanks,
Oliver.
participants (2): Andreas Bock, Oliver Stettner