Hi, have a look at /usr/lib/ipsec/_updown and /usr/lib/ipsec/_updown.x509. The updown-script is primarily for dynamic changes in the firewall. Read the FreeS/WAN chapter about firewalls and the updown-script. Do you use AH or ESP? greetz Andy

...

...

Mathias Homann <admin@eregion.de> 10.12.03 13.10 >>> Hi,

i got two suse 8.0 systems. Frees/WAN up and running, as far as i can say. in /var/log/messages i see something that looks like a sucessful handshake, and after that the systems have the proper routing tables. Now, how do i tweak SuSEfirewall2 to make the tunnel actually work? Subnet behind box1: 192.168.238.0/24 Subnet behind box2: 192.168.237.0/24 Connectivity in both cases: eth0 points to internal net, ipsec0 (via pppß which is DSL over eth1) is the tunnel. What do i put where in /etc/sysconfig/SuSEfirewall to make the tunnel work? bye, MH -- Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here