Scott Ruckh wrote:
> This is what you said Tom Eastep
>
> Yeah I noticed the ACCEPTED DNS packet in the dump which I found odd
> because the DNS still returned no such host. Now that I see the ACCEPTED
> DNS packet from the shorewall dump I am beginning to question my DNS
> configuration. Possibly I have an ACL in place from that network???

Is your DNS server even bound to UDP port 53 on 172.16.99.1 (or 0.0.0.0)?

Hint: netstat -unap | grep named

>
>> PS -- and the last dump still doesn't show any VPN client being connected
>> the only tun interface shown in the dump is tun0.
>
> VPN client was definitely connected. I produced the dump file by SSH'ing
> to firewall while being connected via VPN. In the dump you can see the
> ACCEPT SSH in the road2fw section. This, I assume, was from my SSH
> session.

You must be using an OpenVPN configuration scheme that I'm not familiar with then. On my routed configuration, each remote client that connects causes the creation of an additional tun device. That's why the Shorewall OpenVPN documentation advocates defining the VPN zone using 'tun+' (which you are doing).

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
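
The bind check hinted at in the message above, as an added example that is not part of the original thread: a shell function that reads `netstat -unap` output and reports whether named has a UDP port 53 socket covering a given IPv4 address. The function names and the sample netstat output (including 192.168.1.1 and the PIDs) are constructed for illustration; only 172.16.99.1 and the netstat command come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage on the firewall:  netstat -unap | named_bind_status 172.16.99.1

# named_bind_status ADDR
# Reads `netstat -unap` output on stdin. Prints:
#   specific  - named has a UDP socket bound to ADDR:53
#   wildcard  - named is bound only to 0.0.0.0:53 (which still covers ADDR)
#   none      - named has no UDP/53 socket that can answer on ADDR
# Exit status is 1 for "none", 0 otherwise. IPv4 (udp) lines only.
named_bind_status() {
    awk -v want="$1" '
        # UDP rows have an empty State column, so the fields are:
        # proto recvq sendq local foreign pid/program
        $1 == "udp" && $NF ~ /\/named$/ {
            if ($4 == want ":53")        specific = 1
            else if ($4 == "0.0.0.0:53") wildcard = 1
        }
        END {
            if (specific)      { print "specific"; exit 0 }
            else if (wildcard) { print "wildcard"; exit 0 }
            else               { print "none";     exit 1 }
        }'
}

# Constructed sample: named listens on loopback and a LAN address only, so a
# query to 172.16.99.1 is ACCEPTed by the firewall but never reaches named.
sample_lan_only() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
udp        0      0 127.0.0.1:53       0.0.0.0:*                   2143/named
udp        0      0 192.168.1.1:53     0.0.0.0:*                   2143/named
udp        0      0 0.0.0.0:67         0.0.0.0:*                   1987/dhcpd
EOF
}

# Constructed sample: named bound to the wildcard address.
sample_wildcard() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
udp        0      0 0.0.0.0:53         0.0.0.0:*                   2143/named
EOF
}
```

A result of `none` for the VPN-facing address points at the listener configuration rather than at the firewall rules.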
