On Mon, 2004-12-13 at 11:03 -0800, Tom Eastep wrote: > On Mon, 2004-12-13 at 10:45 -0800, Tom Eastep wrote: > > On Mon, 2004-12-13 at 13:43 -0500, M Lu wrote: > > > Tom, can he specify openvpn twice in the tunnel file, e.g. > > > > > > openvpn:udp:5000 > > > openvpn:udp:5001 > > > > > > I think I had the problems with that so I use generic instead. > > > > You should be able to specify multiple openvpn tunnels using different > > ports. > > Note though that the syntax is: > > openvpn:5000 > openvpn:5001 > > Shorewall doesn't know anything about openvpn TCP tunnels; you must use > generic tunnels for TCP. > > Also, both ends must use the same port for both source and destination. > The 2.2 version of Shorewall relaxes that so that the following are > equivalent: > > openvpn:5001 > generic:udp:5001 >
I should also note that I consider the presence of the tunnels file to be the worst design error in Shorewall. There is nothing done by entries in that file that can't be done using entries in the rules file and if people had to add rules to accommodate tunnel traffic, maybe they would have a better notion of how to troubleshoot non-working tunnels. I thought seriously about removing the file in Shorewall 2.2 but kept it only because I didn't have the time and energy to rewrite all of the tunnel documentation. I'll again consider making that change in 2.3/2.4. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
