Re: [Users] IPSEC tunnel for one hop?

From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Jan 02 2003 - 21:07:33 CET


On Sun, 29 Dec 2002, David Frascone wrote:

> Once ipsec comes up, wireless nodes can securely access the internal
> network, but packets to the 'net get dropped into the void. I see them on
> the wireless segment as raw packets (not ESP packets), but, for some reason,
> my firewall no longer routes them to the default route.

It's likely that the firewall is dropping clear packets from your wireless
node, as you do have an explicit tunnel to it.

What you may want to do is re-define the subnet connection like so:

> conn laptop-home-net
> keylife=1h
> left=10.0.0.1
         leftsubnet=0.0.0.0/0
> leftid=@newman.frascone.com
> leftrsasigkey=I don't think so
> right=%any
> rightid=@laptop.frascone.com
> rightrsasigkey=I don't think so
> #compress=yes
> # you'll need to do "ipsec auto --up fswn-swll" to start this up
> # unless you use auto=start, but that's just basic freeswan stuff
> auto=add

... so that all traffic, be it wired gateway or WAN, will be tunneled securely
via IPSec. No need to send anything in the clear via an insecure medium.

- --
Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.5 : Fri Jan 03 2003 - 05:21:07 CET
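The effect of the `leftsubnet=0.0.0.0/0` change suggested in the reply above can be checked with a short selector test; this is an added example, not code from the post or from FreeS/WAN. It only models which destinations match the left-side selector of the conn, the function names are hypothetical, and `192.168.1.0/24` (standing in for a narrower original `leftsubnet`, which the thread does not show) and both destination addresses are constructed.

```python
import ipaddress

def parse_conn(text):
    """Return {key: value} for the first conn section of an ipsec.conf fragment."""
    conn = {}
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # tolerate mail quoting and indentation
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        if line.startswith("conn "):
            if "name" in conn:
                break                         # a second section starts; stop here
            conn["name"] = line.split(None, 1)[1]
        elif "=" in line and "name" in conn:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def left_selector(conn):
    """Network covered on the left side; without leftsubnet, only left itself."""
    if "leftsubnet" in conn:
        return ipaddress.ip_network(conn["leftsubnet"])
    return ipaddress.ip_network(conn["left"] + "/32")

def classify(conn, destinations):
    """Map each destination to 'tunnel' (matches the selector) or 'clear'."""
    net = left_selector(conn)
    return {d: "tunnel" if ipaddress.ip_address(d) in net else "clear"
            for d in destinations}

# Constructed inputs: the subnet values and destinations are assumptions.
TEMPLATE = """conn laptop-home-net
    left=10.0.0.1
    leftsubnet={subnet}
    right=%any
    auto=add
"""
DESTS = ["192.168.1.20", "198.51.100.7"]   # internal host, Internet host

if __name__ == "__main__":
    for subnet in ("192.168.1.0/24", "0.0.0.0/0"):
        conn = parse_conn(TEMPLATE.format(subnet=subnet))
        print(subnet, classify(conn, DESTS))
```

With the narrower selector the Internet-bound destination falls outside the tunnel and would leave the wireless node unencrypted; with `0.0.0.0/0` every destination matches.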