Hi,

I've set up two IpCop boxes on two different LANs to create an ipsec
VPN. It works just fine: I can establish connections from hosts on
LAN1 to LAN2 and vice versa. One of the IpCops (called "lisa") has to
work as web proxy for the LAN, with LDAP authentication. It must hence
connect to the LDAP server on the other end of the VPN. The problem is
that lisa cannot establish connections through the VPN, nor can it
ping any host through the ipsec0 interface. This also happens on all
the other IpCop boxes I have; I guess it's a default iptables rule
given in /etc/rc.d/rc.firewall. I'm pretty new to iptables (I'm
learning it these days) so I don't want to screw everything up by
touching the default conf (although I've tried commenting out
something, with no luck).

The lines in /etc/rc.d/rc.firewall regarding this issue should be the
following:

# traffic from ipsecX interfaces, before "-i GREEN_DEV" accept everything
/sbin/iptables -N IPSECVIRTUAL
/sbin/iptables -A INPUT -j IPSECVIRTUAL
/sbin/iptables -A FORWARD -j IPSECVIRTUAL

I've also tried to enable logging by issuing

iptables -A IPSECVIRTUAL -p all -j LOG --log-level debug --log-prefix "IPSECVIRTUAL"

but it doesn't seem to log anything.

I really don't know what else to do except to keep on studying netfilter,
but any help would be appreciated!

Thanks.

--
~matteo
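Added example, not code from the post or from IPCop: a small checker that reads iptables-save text and reports which built-in filter chains can ever enter a given user chain, and which built-in chain a packet of a given kind is evaluated in. The netfilter facts it encodes are standard: packets the firewall itself generates are evaluated in OUTPUT, packets addressed to the firewall in INPUT, and routed packets in FORWARD. The dump embedded below is constructed to mirror the rc.firewall lines quoted in the message (INPUT and FORWARD jumping to IPSECVIRTUAL, plus the LOG rule); the chain policies in it are placeholders, not taken from the post. Run it and it shows that, with exactly those rules, a ping sent by the IpCop box itself never reaches IPSECVIRTUAL, so a LOG rule appended to that chain cannot see the box's own outbound traffic, whereas traffic routed from a LAN host does pass through it.

```python
"""Trace which built-in netfilter chains can reach a user chain, from iptables-save text.

Added example, not code from the post or from IPCop.  SAMPLE_DUMP is constructed
to mirror the rc.firewall lines quoted in the message; its chain policies are
placeholders (assumed), not values from the post.
"""
from collections import deque

BUILTIN_CHAINS = ("INPUT", "FORWARD", "OUTPUT")

# Constructed iptables-save excerpt (filter table only); policies are assumed.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IPSECVIRTUAL - [0:0]
-A INPUT -j IPSECVIRTUAL
-A FORWARD -j IPSECVIRTUAL
-A IPSECVIRTUAL -p all -j LOG --log-level debug --log-prefix "IPSECVIRTUAL"
COMMIT
"""


def parse_filter_jumps(dump):
    """Return {chain: [jump target, ...]} for every chain in the filter table.

    Only '-j' targets are followed; '-g' (goto) is not handled here.
    """
    jumps = {}
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                 # table header, e.g. *filter
            table = line[1:]
            continue
        if table != "filter":
            continue
        if line.startswith(":"):                 # chain declaration
            jumps.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):             # rule appended to a chain
            parts = line.split()
            chain = parts[1]
            jumps.setdefault(chain, [])
            if "-j" in parts:
                jumps[chain].append(parts[parts.index("-j") + 1])
    return jumps


def user_chains_reachable(jumps, start):
    """Breadth-first walk over '-j' edges from `start`; terminal targets such as
    LOG, ACCEPT or DROP are not chains in the dump and are skipped."""
    seen, queue = set(), deque([start])
    while queue:
        chain = queue.popleft()
        for target in jumps.get(chain, []):
            if target in jumps and target not in seen:
                seen.add(target)
                queue.append(target)
    return seen


def builtins_reaching(jumps, chain):
    """Built-in chains from which `chain` can be entered, sorted by name."""
    return sorted(b for b in BUILTIN_CHAINS if chain in user_chains_reachable(jumps, b))


def builtin_for_packet(locally_generated, addressed_to_host):
    """First built-in filter chain a packet is evaluated in (netfilter semantics):
    packets the firewall itself generates go through OUTPUT, packets addressed
    to the firewall through INPUT, and packets routed through it through FORWARD."""
    if locally_generated:
        return "OUTPUT"
    return "INPUT" if addressed_to_host else "FORWARD"


def traverses(dump, chain, locally_generated, addressed_to_host):
    """True if a packet of the given kind can ever hit a rule in `chain`."""
    jumps = parse_filter_jumps(dump)
    entry = builtin_for_packet(locally_generated, addressed_to_host)
    return chain in user_chains_reachable(jumps, entry)


if __name__ == "__main__":
    jumps = parse_filter_jumps(SAMPLE_DUMP)
    print("IPSECVIRTUAL is entered from:", builtins_reaching(jumps, "IPSECVIRTUAL"))
    for desc, lg, th in (("ping sent by the firewall itself", True, False),
                         ("LAN host routed through the VPN", False, False),
                         ("packet addressed to the firewall", False, True)):
        print(f"{desc:34s} -> {builtin_for_packet(lg, th):8s} "
              f"hits IPSECVIRTUAL: {traverses(SAMPLE_DUMP, 'IPSECVIRTUAL', lg, th)}")
```

To run it against a real box, replace SAMPLE_DUMP with the output of `iptables-save` and pass the chain name you put the LOG rule in. The check only follows `-j` jumps in the filter table, so rules in nat or mangle and `-g` gotos are outside its view; when the chain you log in is only reachable from INPUT and FORWARD, the place to log the firewall's own outbound packets is the OUTPUT chain instead.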