Tom Eastep wrote:
Philipp Rusch wrote:

My problem is that traffic is going to the wrong zone.
When I try to access hosts in one of the ipsec zones while I am sitting in an
openvpn zone, my packets travel to "net" and hence don't find their aim.


Your problem is that you don't understand IPSEC. This is neither a
Shorewall problem nor is it a routing problem. As I said in my previous
message, you must configure IPSEC to encrypt the traffic -- then AND
ONLY THEN will it go to the right destination.

-Tom
------------------------------------------------------------------------
Tom,
just for clarification: if I have a multihomed host sitting in a LAN with one
arm and several openvpn clients on this same host, the packets that
the IPSec SA and/or shorewall sees are coming from the wrong "origin"?
So my misunderstanding was that I somehow thought that these OpenVPN
tunnels terminate on the firewall and therefore can fulfill the same SA that
I already defined for firewall to IPSec client-tunnels.
If I were able to set up a bridged OpenVPN connection, then those SAs
should match, because the packets from OpenVPN clients look the same
as if they were coming from the internal zone "loc", right?
So my last question is:
Is bridging with tap-devices the way to go?

Regards,
--

With kind regards,
Philipp Rusch

