Suppose that we have the following situation:
We want systems in the 192.168.1.0/24 sub-network to be able to communicate with systems in the 10.0.0.0/8 network.
In /etc/shorewall/tunnels on system A, we need the following:

    TYPE    ZONE    GATEWAY
    ipsec   net     134.28.54.2
In /etc/shorewall/tunnels on system B, we would have:

    TYPE    ZONE    GATEWAY
    ipsec   net     134.28.54.2
At both systems, ipsec0 would be included in /etc/shorewall/internet as a "gw" interface:

    ZONE    INTERFACE    BROADCAST    OPTIONS
    gw      ipsec0
Once you have these entries in place, restart Shorewall (type shorewall restart); you are now ready to configure the tunnel in FreeS/WAN.
Suppose that you have a laptop system (B) that you take with you when you travel and you want to be able to establish a secure connection back to your local network.
In this instance, the mobile system (B) has IP address 134.28.54.2 but that cannot be determined in advance. In the /etc/shorewall/tunnels file on system A, the following entry should be made:

    TYPE    ZONE    GATEWAY
    ipsec   net     0.0.0.0/0
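
The two kinds of tunnels entry above (a fixed gateway and the 0.0.0.0/0 entry for a mobile peer) differ in how many source addresses the firewall accepts IPsec traffic from. The following is an added example, not part of the original page or of Shorewall, that parses tunnels-file text and reports that difference; the function names, the sample input, and the assumption that an ipsec entry admits IKE (UDP 500), ESP (protocol 50) and AH (protocol 51) are assumptions of the example.

```python
import ipaddress

# Constructed sample input: the two kinds of tunnels entry shown on this page.
SAMPLE_TUNNELS = """\
# TYPE  ZONE  GATEWAY
ipsec   net   134.28.54.2
ipsec   net   0.0.0.0/0
"""

# Standard IPsec traffic (IKE, ESP, AH). That an ipsec tunnel entry admits
# exactly this set is an assumption of this example, not stated on the page.
IPSEC_TRAFFIC = ("udp/500", "proto 50", "proto 51")


def parse_tunnels(text):
    """Return (type, zone, gateway network) for each non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected TYPE ZONE GATEWAY")
        kind, zone, gateway = fields
        # A bare address parses as a /32 network; 0.0.0.0/0 as the whole space.
        entries.append((kind, zone, ipaddress.ip_network(gateway, strict=False)))
    return entries


def audit(text):
    """Describe each tunnel's exposure and flag gateways wider than one host."""
    findings = []
    for kind, zone, net in parse_tunnels(text):
        if net.prefixlen == 0:
            flag = "any-peer"        # road-warrior style wildcard
        elif net.num_addresses > 1:
            flag = "range"
        else:
            flag = "fixed-peer"
        findings.append({"type": kind, "zone": zone, "gateway": str(net),
                         "peers_allowed": net.num_addresses, "flag": flag,
                         "traffic": IPSEC_TRAFFIC if kind == "ipsec" else ()})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TUNNELS):
        print(finding)
```

For an entry flagged any-peer, the firewall does not restrict which address may start an IPsec exchange, so peer authentication in FreeS/WAN is the control that decides who gets a tunnel.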
Last updated 2/22/2001 - Tom Eastep