-----BEGIN PGP SIGNED MESSAGE-----
> with the fixed-dynamic scenario, once the tunnel has been formed and the
> line has been dropped, I am required to reboot both firewalls, and then the
> tunnel comes back up again. restarting ipsec is not enough!
>snip<
Take a look at doc/firewall.html. There are various strategies; the simplest
is just allowing UDP port 500, ESP (protocol 50) and AH (protocol 51) traffic
between the two gateways. Have you been using ipchains -L to see if the
firewall's rules would be selectively blocking traffic from the new IP?
As for the port 520 traffic, nothing is ringing a bell at the moment.
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: For the matching public key, finger the Reply-To: address.
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST