Kenneth Burgener wrote:
> Hello, and thanks in advance for any suggestions. I switched from a
> dumb DSL modem doing my firewall and routing to a powerful Linux server
> with shorewall (iptables frontend), but I have a small issue with static
> routing for my openvpn. I was hoping someone might be able to shed some
> light on this issue that kept me up all last night. I have everything
> working and more than I did with the dumb DSL modem, with the exception
> of the static routing.
>
> Summary question:
> How do you get shorewall to do a static route?
>
> I watch the message log, and it does not appear that shorewall is
> dropping any connections, so it appears that I am just doing the routing
> wrong.
>
> Any suggestions? This all worked with a simple DSL modem, so this
> should work with a powerful Linux router, right?

Here is an update on what I think is happening, and why I think it is routing or shorewall that is the cause...

If I manually add a static route for the "VPN" network to one of the machines on the network, I can access that machine over the VPN fine. If I don't have the static route on the machine, it fails.

What used to happen, from my understanding, is the request would hit the machine, but as there was no route prelisted in the routing tables, it would be routed to the default gateway. The old gateway, the DSL modem, had a static route that would route this traffic back to the VPN server. The new default gateway, the Linux server, should be mimicking what the old DSL modem did, as far as static routing, and as far as I can tell from tcpdump, it does appear to be forwarding the traffic on. But the request isn't being processed by the VPN server, so it appears that the request was lost into the void.

Any thoughts? Suggestions?
