Re: [SLUG] Why does IPsec cause NAT to fail?

From: SpamFree (SpamFree@tampabay.rr.com)
Date: Thu Jun 12 2003 - 11:35:28 EDT


On Wednesday June 11 2003 12:49 pm, you wrote:
> Hi,
>
> I've just been a lurker for awhile, but now I have a question and I'm
> hoping someone can help. Trying to create a VPN server using Free Swan on
> a RH firewall for XP clients. When I turn on IPsec the internal clients can
> no longer get to the internet. Is there something I need to do with IPsec
> or NAT?
>
> TIA,
>
> Vanessa
>
> "Intelligence is the ultimate aphrodisiac" --
> Timothy Leary

Ian provided a great answer, but I think he may have been too complex in his
thinking. I suspect the problem is a little bit more simple than that. You
say that when you turn on IPSec your internal machines are no longer able to
connect to the internet.

I'll assume for now, based on what you said, that you are using IP tables on
this firewall and that you are trying to terminate the VPN on the firewall.
Does the VPN work when it is enabled?

Assuming that the VPN works, I suspect that your IP tables rules are
mis-configured and that when you enable IPSec, all of the firewall traffic is
being routed through the IPSec route. This is encrypting the regular internet
bound traffic, and the remote end, say a web server, has no idea what to do
with an IPSec packet and drops the packet, thereby never allowing a regular
TCP connection to be established on port 80.

I'm sure that if you posted your IP tables rules, one of the IP tables Gurus
would be able to spot the problem immediately.
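As an added example (not part of this thread), the two conditions the reply suspects can be checked from saved `ip route show` and `iptables -t nat -S POSTROUTING` output: a default route that points at the FreeS/WAN `ipsec0` interface (every internet-bound LAN packet enters the tunnel), and a MASQUERADE/SNAT rule with no `! -d` exclusion for the VPN subnet (on kernels where NAT runs before encryption, VPN-bound traffic gets rewritten first). The listings, addresses and the 10.8.0.0/24 VPN subnet below are constructed placeholders, not taken from Vanessa's firewall.

```shell
# Constructed sample output: tunnel has captured the default route (bad case).
BAD_ROUTES='default dev ipsec0 scope link
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.5'

# Constructed sample output: only the VPN subnet is routed via ipsec0 (good case).
GOOD_ROUTES='default via 203.0.113.1 dev eth0
10.8.0.0/24 dev ipsec0 scope link
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.5'

# Constructed NAT rules: the first masquerades everything leaving eth0,
# the second carves the VPN subnet out of the masquerade.
BAD_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE'
GOOD_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 ! -d 10.8.0.0/24 -o eth0 -j MASQUERADE'

# True (exit 0) when the default route's device is an ipsec* interface.
default_route_via_ipsec() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev" && $(i+1) ~ /^ipsec/) found = 1
    } END { exit found ? 0 : 1 }'
}

# True (exit 0) when a MASQUERADE/SNAT rule excludes the VPN subnet ($2).
nat_excludes_vpn() {
    printf '%s\n' "$1" | grep -E -- '-j (MASQUERADE|SNAT)' | grep -q -- "! -d $2"
}

# Prints each finding; the return value is the number of problems found.
check_firewall() {
    problems=0
    if default_route_via_ipsec "$1"; then
        echo "default route goes through the IPsec interface: LAN internet traffic enters the tunnel"
        problems=$((problems + 1))
    fi
    if ! nat_excludes_vpn "$2" "$3"; then
        echo "MASQUERADE/SNAT rule does not exclude VPN subnet $3"
        problems=$((problems + 1))
    fi
    return "$problems"
}

check_firewall "$BAD_ROUTES" "$BAD_NAT" 10.8.0.0/24   # reports 2 problems
check_firewall "$GOOD_ROUTES" "$GOOD_NAT" 10.8.0.0/24 # reports none
```

On a live box, feed it `"$(ip route show)"` and `"$(iptables -t nat -S POSTROUTING)"` instead of the constructed strings.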



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:32:42 EDT