Patrick McHardy wrote:
>
> You need to install forward policies. You can duplicate the input policy
> and replace "-P in" with "-P fwd" or use setkey from a current ipsec-tools
> release, which does this automatically.
>

Patrick,

Are you aware of a way to install forward policies in a Roadwarrior scenario (racoon instance configured with "generate-policy on; passive on;")? I'm only able to generate in and out policies so the tunnel endpoint fails to forward traffic from the tunnel.

Thanks,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
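
The duplication described in the quoted text (copy each input policy and replace "-P in" with "-P fwd"), as an added example that is not part of the original message. It covers only policies written statically in a setkey file, and assumes each spdadd statement sits on a single line; the function names, addresses and sample policies are constructed for illustration.

```shell
#!/bin/sh
# Added example: give every "-P in" policy in a setkey policy file a
# matching "-P fwd" policy, so decapsulated tunnel traffic that is routed
# onward (not delivered locally) also has a policy to match.

# Constructed sample policy file; addresses are documentation ranges.
sample_policies() {
cat <<'EOF'
spdadd 192.0.2.0/24 198.51.100.0/24 any -P out ipsec esp/tunnel/203.0.113.1-203.0.113.2/require;
spdadd 198.51.100.0/24 192.0.2.0/24 any -P in ipsec esp/tunnel/203.0.113.2-203.0.113.1/require;
EOF
}

# Reads a setkey policy file on stdin and writes it to stdout with a
# "-P fwd" copy after each "-P in" policy. Policies that already have a
# fwd twin are left alone, so running it twice changes nothing.
add_fwd_policies() {
    awk '
    { line[NR] = $0 }
    # Remember existing fwd policies, keyed by the text of their "in" twin.
    /^[ \t]*spdadd/ && / -P fwd / {
        k = $0; sub(/ -P fwd /, " -P in ", k); have[k] = 1
    }
    END {
        for (i = 1; i <= NR; i++) {
            print line[i]
            if (line[i] ~ /^[ \t]*spdadd/ && line[i] ~ / -P in / &&
                !(line[i] in have)) {
                f = line[i]; sub(/ -P in /, " -P fwd ", f); print f
                have[line[i]] = 1
            }
        }
    }'
}

# Show the result for the sample; the output is a file setkey -f can load.
sample_policies | add_fwd_policies
```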