Hi,

I have had the same problem, and I found out that I forgot to put on "leftnexthop" or "rightnexthop". Also be sure that the ipsec.conf files are the same on both machines.

Another thing - if you are using %default route, this can also be the problem.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ralf Spenneberg
Sent: 14 December 2003 12:50
To: mbrei@xxxxxxxxxxxxxxx
Cc: Netfilter
Subject: Re: Routing a VPN.....confused

On Sun, 2003-12-14 at 03:24, Matt Brei wrote:
> Hi all,
>
> I'm trying to set up a VPN with my buddy back in Chicago. We're both
> using iptables to nat our Internet connection to the rest of the LAN and
> filter out all the naughtiness on the cable modem connection. So far,
> we've tried FreeS/WAN on the iptables routers, but as soon as we start
> the ipsec service, it kills the Internet connection.

This sounds pretty much like a configuration issue using freeswan >= 2.0. FreeS/WAN enables opportunistic encryption (OE) by default. This may interrupt your Internet connections since it tries to encrypt everything by default. It uses policy groups for this. You probably have to disable these policy groups. Take a look at:
http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html#disable_policygroups

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server

http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
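
The three things this thread suggests checking in ipsec.conf (OE policy groups left enabled, a missing leftnexthop/rightnexthop, use of %defaultroute) can be checked mechanically. The script below is an added example, not part of any message in the thread and not FreeS/WAN code; the conn name "chicago", the addresses and the simplified parser are assumptions, and the six conn names are the implicit policy-group conns of FreeS/WAN 2.x.

```python
# Added example; conn "chicago" and all addresses below are constructed.
OE_CONNS = ("block", "private", "private-or-clear",
            "clear-or-private", "clear", "packetdefault")  # FreeS/WAN 2.x policy groups

def parse_ipsec_conf(text):
    """Simplified parser (assumption): indented key=value lines belong to the last header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header, e.g. "conn chicago"
            parts = line.split(None, 1)
            current = sections.setdefault((parts[0], parts[1] if len(parts) > 1 else ""), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def check(text):
    """Return findings for the three issues raised in this thread."""
    conns = {n: kv for (k, n), kv in parse_ipsec_conf(text).items() if k == "conn"}
    defaults = conns.pop("%default", {})
    findings = [f"OE policy group '{n}' not disabled (auto=ignore missing)"
                for n in OE_CONNS if conns.get(n, {}).get("auto") != "ignore"]
    for name, kv in conns.items():
        if name in OE_CONNS:
            continue
        eff = {**defaults, **kv}                  # conn %default supplies defaults
        for side in ("left", "right"):
            if eff.get(side) == "%defaultroute":
                findings.append(f"conn {name}: {side}=%defaultroute in use")
            elif side in eff and f"{side}nexthop" not in eff:
                findings.append(f"conn {name}: {side}nexthop not set")
    return findings

SAMPLE = """\
version 2.0
config setup
    interfaces=%defaultroute
conn chicago
    left=%defaultroute
    right=203.0.113.7
    rightsubnet=192.168.2.0/24
    auto=start
conn block
    auto=ignore
conn private
    auto=ignore
"""

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

Running the same check against the ipsec.conf from each gateway and comparing the findings also covers the advice that both machines should carry matching files.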