Glenn Tarbox, PhD wrote:
> Hello,
>
> So, I've gotten OpenVPN and Shorewall working in most places... just not
> where it really matters (typical :-)
>
> It seems straightforward in many ways... but, my first guess would be that
> there's a problem with traffic shaping tables and what the chains end up
> wanting to do with packets intended for the vpn (tun0)
>
> The configuration is that there is a client on the firewall / router /
> shaper. The routes all look correct when doing an ip route ls. But, no
> pings work...
>
> Wireshark confirms... when I try to ping 10.8.0.1 from the firewall it's
> trying to send packets out eth0

That is a routing issue, shows up when the firewall is acting as a client,
with multi-hop gateways defined.

>
> In my case, tun0 is not a device to be shaped... but I do have some strict
> rules WRT where traffic should go. However, the simple test of pinging
> stuff on the lan (also not shaped) seem fine... looks like the same kinda
> routes to me... and, looking through the normal dumps things seem ok...
>

Have you looked at:
http://www.shorewall.net/MultiISP.html#route_rules

I think all you may need is an entry like this:

    -     10.8.0.0/24      main    1000

Jerry
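
The effect of the suggested entry, as an added example that is not part of the original thread and is not Shorewall code: a small simulation of policy-routing lookup, showing a packet for 10.8.0.1 leaving eth0 until a priority-1000 rule sends 10.8.0.0/24 to the main table. It assumes the entry becomes a "to 10.8.0.0/24 lookup main" rule at priority 1000; the provider table name isp1, its rule at priority 20000, the addresses 203.0.113.10 and 192.168.1.0/24, and the interface eth1 are constructed for illustration.

```python
import ipaddress

# Constructed tables (assumption): isp1 holds routes copied before tun0
# existed, so it knows the LAN but not the VPN subnet.
TABLES = {
    "main": [("10.8.0.0/24", "tun0"), ("192.168.1.0/24", "eth1"), ("0.0.0.0/0", "eth0")],
    "isp1": [("192.168.1.0/24", "eth1"), ("0.0.0.0/0", "eth0")],
}

# Policy rules as (priority, from, to, table). Constructed, not from the post.
BEFORE = [
    (20000, "203.0.113.10/32", "0.0.0.0/0", "isp1"),  # traffic sourced from eth0's address
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
]
# Assumed translation of the entry:  -  10.8.0.0/24  main  1000
AFTER = BEFORE + [(1000, "0.0.0.0/0", "10.8.0.0/24", "main")]


def lookup_table(table, dst):
    """Longest-prefix match inside one routing table; returns a device or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def route(rules, src, dst):
    """Walk the rules in ascending priority; the first table with a match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, to, table in sorted(rules):
        if s in ipaddress.ip_network(frm) and d in ipaddress.ip_network(to):
            dev = lookup_table(table, dst)
            if dev is not None:  # no route in this table: fall through to the next rule
                return prio, table, dev
    return None


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, route(rules, "203.0.113.10", "10.8.0.1"))
```

On the firewall itself, the real rule set and tables to compare against come from "ip rule ls" and "ip route ls table <name>".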
