On Fri, 2014-08-01 at 08:47 -0400, Miloslav Trmač wrote: > > 2. What zone should the server put the clients they connect. Should > > there be some special vpn zone or should I use one of the existing ones? > > (none of the existing looks very reasonable for that). > How are the clients connected exactly? If the traffic looks like it arrives > on a virtual interface, a zone should be assigned to that interface, using > the existing system-wide configuration for that interface > (/etc/sysconfig/network-scripts/ifcfg*) if at all possible (this might > require extra code I don’t know much about).
Correct the traffic arrives on a virtual interface. So as according to the wiki the client should at some point execute "firewall-cmd --zone=myzone --add-interface=tun-client-iface". The question is what myzone should be. Should it be one of the pre-defined zones, or should a new zone be created by the application and the administrator should be expected to set its properties? regards, Nikos -- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
