diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 011001c7f..83f08dbcd 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -7,6 +7,8 @@ Changes in 3.4.2 3) Fix 'none[!]' and built-in actions. +4) Fix 'ipsecnat' tunnels. + Changes in 3.4.1 1) Add rest of proxy arp fix. diff --git a/Shorewall/lib.tunnels b/Shorewall/lib.tunnels index 21c2755fc..0432adf58 100644 --- a/Shorewall/lib.tunnels +++ b/Shorewall/lib.tunnels @@ -67,6 +67,7 @@ setup_tunnels() # $1 = name of tunnels file else run_iptables -A $inchain -p udp $source --dport 500 $options run_iptables -A $inchain -p udp $source --dport 4500 $options + run_iptables -A $outchain -p udp $dest --dport 4500 $options fi for z in $(separate_list $2); do diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index fe48e1973..5726754fb 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -43,6 +43,9 @@ Problems corrected in Shorewall 3.4.2 Shorewall now correctly suppresses generation of log messages when a log level of 'none' or 'none!' is given to a built-in action. +4) Tunnels of type 'ipsecnat' would sometimes fail to work because of + a missing rule. + Migration Considerations: If you are migrating from a Shorewall version earlier than 3.2.0 then
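Review bot: The added `$outchain` rule for UDP 4500 in the `else` branch of Shorewall/lib.tunnels has no comment explaining why this branch needs an outbound rule when the two lines above it only open the inbound side. A comment such as `# NAT-T: IKE and ESP-in-UDP use port 4500 once NAT is detected, so outbound to the gateway must be allowed as well` would stop a later reader from treating it as redundant. How much the rule permits depends entirely on `$dest` and `$options`, both set outside the hunk. It is worth confirming that `$dest` still narrows the match to the tunnel gateway, and that a wildcard gateway entry does not turn this into a general allowance for outbound UDP 4500. The enclosing function (the hunk header names setup_tunnels) starts and ends outside the hunk, so whether the `if` branch needs a matching rule cannot be judged from here.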