Can you show me the way to set up OpenVPN? Thanks.



From: "M Lu" <[EMAIL PROTECTED]>
To: "Tom Eastep" <[EMAIL PROTECTED]>,"Martin Hejl" <[EMAIL PROTECTED]>
CC: <[EMAIL PROTECTED]>
Subject: [leaf-user] Re: OpenVPN howto
Date: Sat, 8 May 2004 18:01:25 -0400

Hi Tom and Martin,

with your suggestions and documentation, I have set up OpenVPN on a Bering
router to have one subnet-subnet (using UDP port 5000) and then one
road-warrior (using UDP port 5555 and Windows 2000).

Thank you very much and I would like to post what I did for the road-warrior
part in case somebody wants a reference in the future.

My OpenVPN configuration files for Road-Warrior (using preshared-key) look
like this:

On Bering:

dev tun
tun-mtu 1532

# listen on this IP Address
local 24.11.155.243
port 5555
ifconfig 172.16.0.1 172.16.0.2
secret static.key
persist-tun
ping-restart 60
ping-timer-rem
persist-tun
persist-key
ping 10
verb 3
mute 10

On Windows 2000:

port 5555
remote 24.11.155.243
tun-mtu 1500
tun-mtu-extra 32
dev tun
ifconfig 172.16.0.2 172.16.0.1
secret STATIC.KEY
ping 10
route 192.168.1.0 255.255.255.0 172.16.0.1
verb 3


Here is what I have in the Shorewall config for one subnet-subnet and one road-warrior.

/etc/shorewall/interfaces

#ZONE    INTERFACE      BROADCAST       OPTIONS
#
vpn     tun0
vpn2    tun1


/etc/shorewall/tunnels


#TYPE           ZONE    GATEWAY         GATEWAY
#                                       ZONE
openvpn:5000    net     0.0.0.0/0       vpn
openvpn:5555    net     0.0.0.0/0       vpn2

/etc/shorewall/zones:

#ZONE   DISPLAY         COMMENTS
vpn     VPN
vpn2    VPN2


/etc/shorewall/policy:


#SOURCE         DEST            POLICY
loc             vpn             ACCEPT
vpn             loc             ACCEPT
#
loc             vpn2            ACCEPT
vpn2            loc             ACCEPT
#
vpn             fw              ACCEPT
fw              vpn             ACCEPT
vpn2            fw              ACCEPT
fw              vpn2            ACCEPT

--------

And I have to add the following rule explicitly to /etc/shorewall/rules

ACCEPT net fw udp 5555

to allow traffic on UDP port 5555.

Tom, could you help me to understand why I need this rule here even though I
have defined it in 'tunnels' file?


M Lu.




----- Original Message -----
From: "Tom Eastep" <[EMAIL PROTECTED]>

>
> I'll look forward to receiving your update to the document (note that
> the document itself was contributed by Simon Mater).
>
> -Tom
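
A consistency check for the road-warrior setup quoted in the message above, as an added example that is not part of the original post or of the OpenVPN or Shorewall projects. It verifies that the two static-key peers agree on port, address and mirrored ifconfig endpoints, and that the port has an openvpn:PORT entry in the Shorewall tunnels file; the function names are hypothetical and the embedded strings are excerpts of the quoted files.

```python
import re

# Excerpts of the files quoted in the message (only the directives compared).
BERING = """dev tun
local 24.11.155.243
port 5555
ifconfig 172.16.0.1 172.16.0.2
secret static.key
"""
WIN2K = """port 5555
remote 24.11.155.243
dev tun
ifconfig 172.16.0.2 172.16.0.1
secret STATIC.KEY
"""
TUNNELS = """openvpn:5000    net     0.0.0.0/0       vpn
openvpn:5555    net     0.0.0.0/0       vpn2
"""

def parse_openvpn(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            key, *args = line.split()
            conf[key] = args
    return conf

def tunnel_ports(text):
    """Ports declared as openvpn:PORT in a Shorewall tunnels file."""
    return {int(m.group(1)) for m in re.finditer(r"^openvpn:(\d+)\s", text, re.M)}

def check_pair(server, client, tunnels):
    """Return a list of mismatch descriptions; an empty list means consistent."""
    s, c = parse_openvpn(server), parse_openvpn(client)
    problems = []
    if s.get("port") != c.get("port"):
        problems.append("port differs between peers")
    if s.get("local") != c.get("remote"):
        problems.append("client 'remote' is not the server 'local' address")
    if s.get("ifconfig") != c.get("ifconfig", [])[::-1]:
        problems.append("ifconfig endpoints are not mirrored")
    if "secret" not in s or "secret" not in c:
        problems.append("static key missing on one side")
    if s.get("port") and int(s["port"][0]) not in tunnel_ports(tunnels):
        problems.append("no openvpn:PORT entry in tunnels for this port")
    return problems

if __name__ == "__main__":
    print(check_pair(BERING, WIN2K, TUNNELS) or "consistent")
```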


------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
