Mailinglist Archive: opensuse-security (88 mails)

Re: [suse-security] VPN and SuSEfirewall2
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Thu, 27 Apr 2006 15:10:37 +0200
  • Message-id: <20060427131037.GA4581@xxxxxxx>
Jonathan Baxter wrote:
> Hallelujah. It works.
>
> I changed:
>
> FW_FORWARD="192.168.1.0/24,192.168.200.0/24,,,ipsec \
> 192.168.200.0/24,192.168.1.0/24,,,ipsec"
>
> to:
>
> FW_FORWARD="192.168.1.0/24,192.168.200.0/24 \
> 192.168.200.0/24,192.168.1.0/24"
>
> i.e., dropped the "ipsec" flag.
>
> The documentation in SuSEfirewall2 seems to imply that the ipsec flag should
> be there, so maybe this is a bug:

No, it's a feature :-) The flag prevents network traffic from leaking
to the outside network in case the tunnel goes down.

Does it work with ipsec flag if you change

IPSEC_MATCH="-m policy --dir in --pol ipsec --proto esp"

to

IPSEC_MATCH="-m policy --pol ipsec --proto esp"

in /sbin/SuSEfirewall2?

cu
Ludwig

--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
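
An added example, not part of the original mail or of SuSEfirewall2: a small shell check that lists FW_FORWARD entries lacking the `ipsec` flag, i.e. the entries that lose the leak protection described above. The function name `unprotected_forwards` is hypothetical, and the field layout (source,destination,protocol,port,flags) is an assumption inferred from the entries quoted in this thread.

```shell
#!/bin/sh
# Added example: report FW_FORWARD entries that do not carry the "ipsec" flag.
# Assumption: each space-separated entry has the layout seen in the thread,
#   source,destination,protocol,port,flags
# and anything from the fifth field onward is treated as flags.

# unprotected_forwards VALUE
# Prints "source -> destination" for every entry without the ipsec flag.
# The body runs in a subshell so that "set -f" does not affect the caller.
unprotected_forwards() (
    set -f                          # never glob-expand entry contents
    for entry in $1; do             # entries are whitespace separated
        # Split on commas; empty fields (",,") are preserved.
        IFS=, read -r src dst proto port flags <<EOF
$entry
EOF
        case ",$flags," in
            *,ipsec,*) ;;           # flag present: forwarded only via IPsec
            *) printf '%s -> %s\n' "$src" "$dst" ;;
        esac
    done
)

# The two settings quoted in the thread.
with_flag="192.168.1.0/24,192.168.200.0/24,,,ipsec \
192.168.200.0/24,192.168.1.0/24,,,ipsec"
without_flag="192.168.1.0/24,192.168.200.0/24 \
192.168.200.0/24,192.168.1.0/24"

echo "Entries without ipsec flag (original setting):"
unprotected_forwards "$with_flag"
echo "Entries without ipsec flag (after dropping the flag):"
unprotected_forwards "$without_flag"
```

To check a live system, pass the FW_FORWARD value from the firewall's sysconfig file to the function instead of the sample strings.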
