Mailinglist Archive: opensuse-security (757 mails)

Re: Building a VPN with FreeS/WAN, SuSEfirewall2 and SSH Sentinel
  • From: "Argentium G. Tiger" <agtiger@xxxxxxxxx>
  • Date: Mon, 21 Jan 2002 08:38:40 -0600
  • Message-id: <5.1.0.14.2.20020121082331.036a41c0@xxxxxxxxxxxxxxxxxxxx>

http://www.nadmm.com/show.php?story=articles/vpn.inc

Nadeem: I successfully patched the _updown_custom script by hand, and it seems
to be working. I also added a couple of extra echo messages in order to be
able to track what it was doing.

Now I'm left with another question:

I have two subnets, each behind SuSE 7.3 firewalls running ipsec and
SuSEfirewall2 2.1.

In the /etc/rc.config.d/firewall2.rc.config file:

The first subnet is 192.168.1.0/24, the second subnet is 192.168.2.0/24
each with a 255.255.255.0 netmask, so they shouldn't overlap.

Should I have the FW_FORWARD set to:
FW_FORWARD="192.168.1.0/24,192.168.2.0/24 192.168.2.0/24,192.168.1.0/24"

So that the two subnets are automatically forwarded to each other by
SuSEfirewall?

Or should it be set to:
FW_FORWARD=""

Seeing a copy of your firewall2 config script might be handy. :-)

I'm still not getting this thing to work properly, even though I'm getting
a message in /var/log/messages that the IPsec SA has been established. :-(

UDP 500 packets are being accepted, and the session appears to be negotiated
properly between both firewalls, yet no packets are actually forwarded.

I send pings from 192.168.2.11 over to 192.168.1.11 (both file servers behind
the respective firewalls) and the packets just seem to disappear. *sigh*

Hoping someone, anyone has an answer...

Argentium

