A VPN (Virtual Private Network) is a private link between two isolated points on the Internet.
In this section you will be able to allow the tunnel traffic between these two points through the firewall.
Once the tunnel is set, protocols 50 and 51 and UDP port 500 are allowed by Shorewall internally. You will therefore not see these rules in the web interface.
Make sure you have done the appropriate settings in the VPN section.
Below is an overview of a complete firewall VPN configuration, with examples:
The Zones Setup section will configure the firewall zones:
lan LAN LAN
dmz DMZ DMZ
wan NET internet
vpn VPN vpn_tunnel
The Zones Setup section will also configure the firewall interfaces (note the multi option for the ppp interface):
wan ppp+ multi
dmz eth1 detect
lan eth2 detect
vpn ipsec0 detect
The Default Policies section will configure the firewall policies:
vpn all ACCEPT info
all vpn ACCEPT info
lan all REJECT info
...
The Rules section will configure the firewall rules:
You might need to allow UDP port 500 traffic on the CA and on the client. See the VPN section for more details on the CA.
Example for a VPN client:
ACCEPT fw wan udp 500
Or, on the CA:
ACCEPT wan fw udp 500
...
The Tunnels section (this very section):
ipsec wan 192.168.100.119 vpn
The vpn part is optional, so you can use an empty space instead. The IP above is the address of the remote VPN point, somewhere on the Internet. Replace that value with the one corresponding to your real remote VPN point.
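The tables above refer to each other by zone name, so a typo in one of them leaves the tunnel without a matching zone, interface or policy. The following is an added example, not part of the original documentation or of Shorewall: a small Python check that cross-references the tables as printed on this page. The column layout, the CONFIG dictionary and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample input: the tables shown on this page, keyed by section.
CONFIG = {
    "zones": "lan LAN LAN\ndmz DMZ DMZ\nwan NET internet\nvpn VPN vpn_tunnel",
    "interfaces": "wan ppp+ multi\ndmz eth1 detect\nlan eth2 detect\nvpn ipsec0 detect",
    "policy": "vpn all ACCEPT info\nall vpn ACCEPT info\nlan all REJECT info",
    "rules": "ACCEPT fw wan udp 500",
    "tunnels": "ipsec wan 192.168.100.119 vpn",
}
BUILTIN = {"fw", "all"}  # names usable without an entry in the zones table


def rows(text):
    """Split a table into rows of whitespace-separated columns."""
    return [line.split() for line in text.splitlines() if line.strip()]


def check(config):
    """Return a list of findings; an empty list means the tables agree."""
    zones = {r[0] for r in rows(config["zones"])}
    known = zones | BUILTIN
    findings = []
    # Columns that hold zone names, per section (layout as printed above).
    zone_cols = {"interfaces": (0,), "policy": (0, 1), "rules": (1, 2)}
    for section, cols in zone_cols.items():
        for r in rows(config[section]):
            for c in cols:
                if r[c] not in known:
                    findings.append(f"{section}: undefined zone '{r[c]}'")
    bound = {r[0] for r in rows(config["interfaces"])}
    for r in rows(config["tunnels"]):
        zone, gateway = r[1], r[2]
        gw_zone = r[3] if len(r) > 3 else None  # the optional last column
        try:
            ipaddress.IPv4Address(gateway)
        except ValueError:
            findings.append(f"tunnels: bad gateway address '{gateway}'")
        for z in filter(None, (zone, gw_zone)):
            if z not in zones:
                findings.append(f"tunnels: undefined zone '{z}'")
            elif z not in bound:
                findings.append(f"tunnels: zone '{z}' has no interface")
    return findings


if __name__ == "__main__":
    print(check(CONFIG) or "tables are consistent")
```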