debian shorewall racoon

Harry477
Posts: 1
Joined: 2020-05-07 10:01

debian shorewall racoon

#1 Post by Harry477 »

I have 2 routers with Debian "sarge" installed on them.
For the firewall I am using shorewall, and for IPsec and VPN I am using racoon.
I am having trouble writing the rules and the policies for my system as I am new to this interface, please help.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 133 times

Re: debian shorewall racoon

#2 Post by Head_on_a_Stick »

Harry477 wrote: i have 2 routers with debian "sarge" installed on them
Why? That release went EOL twelve years ago and so is full of known vulnerabilities.
deadbang

cuckooflew
Posts: 677
Joined: 2018-05-10 19:34
Location: Some where out west
Been thanked: 1 time

Re: debian shorewall racoon

#3 Post by cuckooflew »

I am not familiar with this interface (shorewall racoon) myself, but the wiki has some info:
https://wiki.debian.org/HowTo/shorewall
You probably should update these routers, and use a more current system, as mentioned by H_O_A_S,
but in any event, also kind of lacking in details, e.g.: version of Shorewall, kernel version, etc...
I find this (you really should try doing some searches yourself, it seems rather well documented):
https://shorewall.org/IPSEC-2.6.html
Since you do not tell us what versions, etc., not sure this applies, but "sarge" is pretty old, so I think it may apply... read it (above link).
"I am having trouble writing the rules and the policies for my system as I am new to this interface, please help"
Well, even if me or someone else could write the rules for you, since you do not bother to even show us what you have, nor tell us what you need the rules to cover, e.g.:
"Notice that this configuration only allows the servers in your DMZ to serve up web pages. They can't do anything else, not even surf the web. While this is a much more secure setting, you may need to add a rule so you can download updates to the servers. If so, I would recommend limiting it to a specific IP if possible. Add the following line if you want your servers to be able to download updates from ftp.debian.org:"
Do you want your servers to download updates? And other things, like what you want to accept and what you want to block. What do you need the rules to do, or not do? Do some research, try to write your rules; if they don't work, and you show us what you actually wrote (use code boxes please), then maybe someone can help better. On the downloading updates, with sarge, it is no longer supported, so there are no updates...
==== edited====
If these are production routers, and in use, I suggest looking for a competent system admin/tech and hiring them; getting it all up to date, etc., will not be trivial. If it is just a "tinker toy", and a learning project for school, that is OK, you will learn a lot; first start with bringing the system up to date, with a current, supported OS.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

dilberts_left_nut
Administrator
Posts: 5346
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 13 times
Been thanked: 66 times

Re: debian shorewall racoon

#4 Post by dilberts_left_nut »

AdrianTM wrote:There's no hacker in my grandma...