Tom Eastep wrote:
> Nico Pagliaro wrote:
>> Hi, I need some help in this problem:
>> I am having this problem:
>>
>> I have my vpn client with openvpn and my shorewall firewall at work with
>> openvpn server (in the same server)
>> Now, I need to route my vpn client traffic to this IP: 74.53.205.xxx to
>> be routed to my shorewall firewall because I accept connections on that
>> server only from my shorewall external IP.
>> The problem is that when I configure my server.conf (openvpn) to push
>> "route 74.53.205.xxx 255.255.255.255" to the client, I can't access
>> that server.
>> What is wrong in my conf??
>
> It sounds to me like you are trying to push a route to the VPN server to go
> through the VPN connection -- that can never work! You are asking your
> system to route the encrypted VPN packets through the VPN itself.

Tom:

The openvpn tunnel, based on the masq entries, appears to be to 201.221.xx.xx or 200.40.xx.xx *on the firewall*; that is supported by the tunnels file entry.

Based on the masq entries "eth1 10.8.0.0/24 201.221.xx.xx" it appears that Nico wants to have the traffic from the vpn client to 74.53.205.xxx appear to come from the fw/vpn-server's 201.221.xx.xx address; that would explain the push route in openvpn.

I think this is what Nico wants:

from the vpn-client to 74.53.205.xxx:
vpn-client (with host route) -> tunnel -> fw/vpn-server -> masq to 201.221.xx.xx -> eth1gw -> 74.53.205.xxx

from 74.53.205.xxx to the vpn-client:
74.53.205.xxx -> eth1gw -> fw/vpn-server -> de-masq -> tunnel -> vpn-client

Nico: Could you clarify this for us please?

Jerry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
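
The two readings in this thread can be compared with a small route-lookup model. This is an added example, not code from any poster or from Shorewall/OpenVPN: the addresses are constructed documentation-range values standing in for the elided ones, and the client routing table is a simplified longest-prefix lookup.

```python
import ipaddress

# Constructed addresses; the thread's real IPs are elided.
VPN_SERVER = "198.51.100.10"  # firewall's public IP, also the OpenVPN endpoint
TARGET = "203.0.113.25"       # third-party server that only accepts the firewall's IP

BASE_ROUTES = [
    ("0.0.0.0/0", "eth0"),    # client's normal default route
    ("10.8.0.0/24", "tun0"),  # tunnel subnet, as in the masq entry
]

def lookup(routes, dst):
    """Longest-prefix match: return the interface chosen for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def with_pushed_host_route(host):
    """Client table after the server pushes 'route <host> 255.255.255.255'."""
    return BASE_ROUTES + [(f"{host}/32", "tun0")]

def send(routes, dst, endpoint=VPN_SERVER):
    """Describe how a packet to dst leaves the client under this table."""
    if lookup(routes, dst) != "tun0":
        return "direct via eth0"
    # tun0 encapsulates: the encrypted outer packet is addressed to the endpoint
    # and needs its own route out of the machine.
    carrier = lookup(routes, endpoint)
    if carrier == "tun0":
        return "loop: encrypted packets re-enter tun0"
    return "tunnelled, carrier via " + carrier

if __name__ == "__main__":
    # Jerry's reading: the pushed host route is for a third-party server.
    print(send(with_pushed_host_route(TARGET), TARGET))
    # Tom's reading: the pushed host route is for the VPN endpoint itself.
    print(send(with_pushed_host_route(VPN_SERVER), VPN_SERVER))
```

In the second case every tunnelled destination fails, not only the endpoint, because the carrier packets no longer have a path outside the tunnel.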
