Hi, I need some help with this problem:
I am having this problem:
I have my VPN client with OpenVPN, and my Shorewall firewall at work with an OpenVPN server (on the same server).
Now, I need my VPN client traffic to this IP, 74.53.205.xxx, to be routed to my Shorewall firewall, because I accept connections on that server only from my Shorewall external IP.
The problem is that when I configure my server.conf (OpenVPN) to push "route 74.53.205.xxx 255.255.255.255" to the client, I can't access that server.
What is wrong in my conf?
I have shorewall Shorewall-perl 4.0.3
My interface configuration is:
eth0:200.40.xx.xx (internet)
eth1:201.221.xx.xx (internet)
eth2:172.16.10.1 (dmz)
eth3:192.168.0.4 (lan)
tun0: 10.8.0.1 (vpn)
Files:Interfaces
net eth1 detect norfc1918
net eth0 detect norfc1918
loc eth3 detect
dmz eth2 detect
vpn tun0
Zones:
#ZONE  TYPE      OPTIONS  IN       OUT
#                         OPTIONS  OPTIONS
fw     firewall
net    ipv4
loc    ipv4
dmz    ipv4
vpn    ipv4
Masq
#INTERFACE  SOURCE          ADDRESS        PROTO  PORT(S)  IPSEC  MARK
eth1        192.168.0.0/24  201.221.xx.xx
eth1        172.16.10.0/24  201.221.xx.xx
eth1        10.8.0.0/24     201.221.xx.xx
eth0        192.168.0.0/24  200.40.xx.xx
eth0        172.16.10.0/24  200.40.xx.xx
Policy
#SOURCE  DEST  POLICY  LOG    LIMIT:BURST
#                      LEVEL
loc      net   ACCEPT
dmz      loc   ACCEPT  info
dmz      net   DROP    info
net      all   DROP
all      all   REJECT  info
vpn      net   ACCEPT  info
vpn      fw    ACCEPT  info
Providers
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS  COPY
ded    1       1     main       eth1       201.221.xx.xx  track    eth2,eth3
net    2       2     main       eth0       200.40.xx.xx   track    eth2,eth3
Rules
ACCEPT:info vpn net tcp http,https
Tunnels:
#TYPE               ZONE  GATEWAY    GATEWAY
#                                    ZONE
openvpnserver:1194  net   0.0.0.0/0
OPENVPN: Server.conf
push "route 74.53.205.xxx 255.255.255.255"