Farkas Levente wrote:
> Tom Eastep wrote:
>> Farkas Levente wrote:
>>> hi,
>>> in the interface doc i read :
>>>
>>> "The broadcast address(es) for the network(s) to which the interface
>>> belongs. For P-T-P interfaces, this column is left blank."
>>>
>>> but in case openvpn when --topology subnet then the tun interface is a
>>> P-t-P connection but still has a subnet. so "-" or "detect"?
>>> thanks.
>>>
>> Look at the output of 'ip addr tun0'. If it contains a 'brd' then use
>> 'detect' (or specify the brd address if tun0 might not be up when Shorewall
>> starts); otherwise use '-'.
>
> ok to be clarify tun0 is a openvpn server in topology subnet, while tun1
> is an openvpn client in topology net30. i also check a topology subnet
> client. and it seems in case of
> - topology subnet (both server and client) there is a brd so use detect.
> - all other topology use -
> imho it'd be useful to document:-)

The whole BROADCAST nonsense essentially goes away with Shorewall-perl; using
that compiler, unless you are running on an old/broken distribution, you must
specify '-' or 'detect' in the BROADCAST column and the two are equivalent.

So by the time that James finally releases OpenVPN 2.1 (it's still in RC),
this should be a non-issue for most users.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ [EMAIL PROTECTED]
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
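
The check described in the thread (look for 'brd' on the interface's address line, use 'detect' if present and '-' otherwise), as an added example that is not part of the original messages or of Shorewall itself. The function names, the zone name `vpn`, and the sample `ip addr show` text are assumptions constructed for illustration; the sample mirrors the tun0 (topology subnet) and tun1 (net30) cases reported above.

```shell
#!/bin/sh
# Constructed sample of `ip addr show` output (not captured from a real host).
# tun0: OpenVPN --topology subnet; tun1: OpenVPN net30 client.
sample_ip_addr() {
cat <<'EOF'
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
6: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 10.9.0.6 peer 10.9.0.5/32 scope global tun1
EOF
}

# broadcast_column IFACE (hypothetical helper): reads `ip addr show` text on
# stdin and prints "detect" if IFACE has an inet address carrying 'brd',
# "-" if it has none. Exits 1 when IFACE is absent (tunnel not up yet).
# Only "inet" lines are inspected: on Ethernet devices the "link/ether" line
# also contains 'brd', so a plain grep for 'brd' would give a false positive.
broadcast_column() {
    awk -v want="$1" '
        /^[0-9]+: / { cur = $2; sub(/[:@].*$/, "", cur)
                      if (cur == want) seen = 1
                      next }
        cur == want && $1 == "inet" {
            for (i = 2; i <= NF; i++) if ($i == "brd") brd = 1
        }
        END { if (!seen) exit 1; print (brd ? "detect" : "-") }
    '
}

# interfaces_line ZONE IFACE (hypothetical helper): print one
# ZONE INTERFACE BROADCAST entry for /etc/shorewall/interfaces.
interfaces_line() {
    col=$(broadcast_column "$2") || {
        echo "# $2 not present; set its BROADCAST column by hand"
        return 1
    }
    printf '%s\t%s\t%s\n' "$1" "$2" "$col"
}

# On a live system, pipe `ip addr show` in place of sample_ip_addr.
sample_ip_addr | interfaces_line vpn tun0
sample_ip_addr | interfaces_line vpn tun1
```
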
