Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Tom Eastep
On 01/25/2017 11:29 AM, Robert K Coffman Jr. -Info From Data Corp. wrote: >> seem to be a way for me to push up a route to the server > > That doesn't seem to be desirable behavior - any client could > effectively DOS the box. The admin of the ser

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 2:36:23 PM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > tun0 VPN_NET > > Your source would be your local LAN, and I believe you want to > masquerade the traffic through tun0 if that is the tunnel you are using: > > tun0 eth1 (or some variation that

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 2:29:09 PM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > seem to be a way for me to push up a route to the server > > That doesn't seem to be desirable behavior - any client could > effectively DOS the box. The admin of the server needs to make that cha

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> tun0 VPN_NET Your source would be your local LAN, and I believe you want to masquerade the traffic through tun0 if that is the tunnel you are using: tun0 eth1 (or some variation that defines your local LAN) - Bob

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> seem to be a way for me to push up a route to the server That doesn't seem to be desirable behavior - any client could effectively DOS the box. The admin of the server needs to make that change. - Bob

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 12:08:36 PM MST Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote: > > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > > > > > > wrote: > > >> On Wed,

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote: > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > > > > wrote: > >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom > >> > >> wrote: > >>> I'm basi

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Tom Eastep
On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez > wrote: >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom >> wrote: >>> I'm basically getting what I had before: >>> >

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez wrote: > On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote: > > I'm basically getting what I had before: > > > > lan# ping VPNINTHOST > > > > fw# tcpdump -i eth0 host VPNGW > > 09:46:47.60 IP MYIP.57800 > 149.56

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Roberto C. Sánchez
On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote: > > I'm basically getting what I had before: > > lan# ping VPNINTHOST > > fw# tcpdump -i eth0 host VPNGW > 09:46:47.60 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85 > 09:46:48.646222 IP MYIP.57800 > 149.56.251.50.open

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 9:18:11 AM MST Thomas Fjellstrom wrote: > On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote: > > On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > > > Hi. > > > > > > I'm having a minor problem setting up shorewall to properly

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Roberto C. Sánchez
On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > Hi. > > I'm having a minor problem setting up shorewall to properly route and allow > openvpn traffic through my firewall. > > I'd like the openvpn client to be running on the firewall, and allow local > machines to connect t

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:59:43 AM MST Robert K Coffman Jr. -Info From Data Corp. wrote: > > So far I have traffic that is getting sent out my public connection to the > > openvpn server, but nothing comes back according to `tcpdump -i extIF host > > VPNGATEWAY`. Nothing shows up in the lo

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Thomas Fjellstrom
On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote: > On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote: > > Hi. > > > > I'm having a minor problem setting up shorewall to properly route and > > allow > > openvpn traffic through my firewall. > > > > I'd like t

Re: [Shorewall-users] Basic openvpnclient setup

2017-01-25 Thread Robert K Coffman Jr. -Info From Data Corp.
> So far I have traffic that is getting sent out my public connection to the > openvpn server, but nothing comes back according to `tcpdump -i extIF host > VPNGATEWAY`. Nothing shows up in the logs stating traffic has been blocked. > policy is set up to log on the final DROP and REJECT rules. Does