Tom Eastep wrote:
> Jerry Vonau wrote:
>> Tom Eastep wrote:
>>> Jerry Vonau wrote:
<snip>
>>>>
>>> If that is indeed the case then your tip about the route_rules example in
>>> the Multi-ISP doc should solve the problem. The cause of the failure is that
>>> return traffic from 74.53.205.xxx is mis-routed.
>>>
>> I agree, but there would be no route in the providers table for tun0. If
>> I recall correctly, no route in the ip table, no traffic, otherwise we
>> would not have to list the masq lan in the copy column.
>
> Placing tun0 in the COPY column would require that OpenVPN be started before
> Shorewall; the distributions start Shorewall before OpenVPN. By routing all
> traffic to the VPN network using the main routing table (using an entry in
> route_rules), we avoid that dependency.
>
It's not the "to the VPN network" that will be the issue, it's the "from
the vpn network to the net" that will be the issue. If you don't use the
copy column at all, traffic flows, but you end up with the "martian issue"
and other strangeness. If you don't list your "to be masq'd interfaces" in
the copy column, no traffic flows from the "to be masq'd" to the net. Sounds
like a catch-22 to me, unless you have the openvpn init script add that
route to the provider's table.

Jerry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
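
Jerry's closing suggestion, having the OpenVPN init script add the tun0 route to the provider's table, written as an OpenVPN `up` hook. This is an added example, not part of the original message or of Shorewall; the provider table names `ISP1`/`ISP2` and the VPN network `10.8.0.0/24` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: copy the VPN route into each provider
# routing table once the tunnel device exists (run from OpenVPN's "up" hook).
# Assumptions: table names ISP1/ISP2 and network 10.8.0.0/24 are constructed.

PROVIDER_TABLES="${PROVIDER_TABLES:-ISP1 ISP2}"  # hypothetical provider names
VPN_NET="${VPN_NET:-10.8.0.0/24}"                # constructed sample network

# Accept only digits, dots and one slash so a bad value never reaches "ip".
valid_cidr() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one "ip route replace" per provider table: args are DEV NET TABLE...
# "replace" keeps the hook idempotent across OpenVPN restarts.
vpn_route_cmds() {
    [ "$#" -ge 2 ] && [ -n "$1" ] || { echo "usage: DEV NET TABLE..." >&2; return 2; }
    dev="$1"; net="$2"; shift 2
    valid_cidr "$net" || { echo "bad network: $net" >&2; return 2; }
    for table in "$@"; do
        echo "ip route replace $net dev $dev table $table"
    done
}

# Show the commands; execute them only when APPLY=1 (needs root).
apply_vpn_routes() {
    cmds=$(vpn_route_cmds "$@") || return
    printf '%s\n' "$cmds" | while read -r cmd; do
        [ -n "$cmd" ] || continue
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

# OpenVPN passes the tunnel device name as the first argument to an "up" script.
if [ -n "$1" ]; then
    # shellcheck disable=SC2086  # word splitting of the table list is intended
    apply_vpn_routes "$1" "$VPN_NET" $PROVIDER_TABLES
fi
```

After the tunnel comes up, `ip route show table ISP1` should list the VPN network via the tunnel device.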
