quadquay asked:
Allow IPsec passthrough using Shorewall firewall

I have users who need to run an IPSec VPN from a client through my Red Hat Linux-based router, which is running a Shorewall firewall. The firewall is doing NAT. I have a single public IP address.

Linksys routers have an option called "IPSec Passthrough" which I have found allows this VPN traffic to pass through. How can I configure the Shorewall firewall to allow the IPSec traffic to just "pass through"? I have opened up all the necessary ports, but no luck.

Anyone have experience with this?
dfxdeimos replied:

The Shorewall documentation (http://man.chinaunix.net/network/shorewall-docs-html-3.0.8/) seems like it has a section addressing your question.

Cheers.
quadquay (asker) replied:

The server I'm trying to reach doesn't allow NAT-T or UDP encapsulation.  Any other ideas?
ASKER CERTIFIED SOLUTION
dfxdeimos
My final solution was to use a second public IP address and do one-to-one NAT from the public IP to the workstation running the IPSec client.
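The following Shorewall 3.x configuration fragments are an added example, not part of the original thread and not the paywalled expert answer. They implement the approach described in the final solution: one-to-one NAT of a second public IP to the workstation running the IPsec client, with rules that let the IPsec traffic reach it. The reason "opening ports" alone was not enough is that ESP and AH are IP protocols 50 and 51 with no port numbers; a many-to-one NAT router cannot map ESP return traffic to an inside host, and AH additionally authenticates the IP header that NAT rewrites. NAT-T (UDP/4500) exists to wrap ESP in UDP for exactly this situation, so when the peer refuses NAT-T, giving the client its own unshared public address is the remaining clean option. The interface name (eth0), zone names (net, loc), the public address 203.0.113.5 and the internal address 192.168.1.50 are all assumptions; substitute your own.

```conf
# Added example: Shorewall 3.x fragments for one-to-one NAT of an IPsec
# client. eth0, net/loc, 203.0.113.5 and 192.168.1.50 are assumptions.

# --- /etc/shorewall/shorewall.conf ---
# Let Shorewall add the second public IP as an alias on eth0 at startup,
# so the address in /etc/shorewall/nat does not have to be configured
# separately in the network scripts.
ADD_IP_ALIASES=Yes

# --- /etc/shorewall/masq ---
# Existing many-to-one NAT for the rest of the LAN. The IPsec workstation
# is excluded (the "!" list) so it is never masqueraded: rewriting its
# source address to the shared IP is what breaks ESP/AH without NAT-T.
#INTERFACE     SOURCE                          ADDRESS
eth0           192.168.1.0/24!192.168.1.50

# --- /etc/shorewall/nat ---
# One-to-one NAT: 203.0.113.5 (second public IP) <-> 192.168.1.50.
# ALL INTERFACES=No: only traffic arriving on eth0 is translated.
# LOCAL=No: the firewall's own traffic does not use the mapping.
# Only one inside host can sit behind this address; ESP cannot be
# demultiplexed among several hosts, which is the original problem.
#EXTERNAL      INTERFACE    INTERNAL         ALL INTERFACES   LOCAL
203.0.113.5    eth0         192.168.1.50     No               No

# --- /etc/shorewall/rules ---
# NAT only rewrites addresses; the packets still have to be accepted.
# IKE is UDP/500 and NAT-T is UDP/4500 (kept for peers that do support
# it). ESP and AH are IP protocols 50 and 51, given as numbers in the
# PROTO column; there is no DEST PORT for them.
#ACTION   SOURCE             DEST               PROTO   DEST PORT(S)
ACCEPT    net                loc:192.168.1.50   udp     500,4500
ACCEPT    net                loc:192.168.1.50   50
ACCEPT    net                loc:192.168.1.50   51
# Outbound direction, needed only if the loc->net policy is not ACCEPT.
ACCEPT    loc:192.168.1.50   net                udp     500,4500
ACCEPT    loc:192.168.1.50   net                50
ACCEPT    loc:192.168.1.50   net                51
```

After editing the files, run `shorewall check` and then `shorewall restart`; with the mapping in place, an `ip addr show eth0` should list 203.0.113.5 as an alias, and an IKE exchange from 192.168.1.50 will appear to the remote peer as coming from 203.0.113.5 unchanged, so the peer's refusal of NAT-T no longer matters.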