PETER EASTHOPE wrote:
Folk,

A tunnel as described in openvpn.man, Example 2 works between my home 10.4.0.1 and work 10.4.0.2 machines. "ping 10.4.0.1" from 10.4.0.2 and "ping 10.4.0.2" from 10.4.0.1 succeed as expected.

10.4.0.1 and peasthope.yi.org both refer to the machine at home where mail is accumulated by fetchmail. A machine on the LAN connected to 10.4.0.2 can retrieve mail from peasthope.yi.org via the Internet. But, of course, I prefer to retrieve through the tunnel.

As I understand, the section of openvpn.man entitled "Routing" addresses this, but here, routing should be specified using shorewall rather than the iptables command in openvpn.man.
No and no. You don't specify routing in Shorewall or using iptables. You specify routing via OpenVPN.
I've read http://www.shorewall.net/OPENVPN.html and remain uncertain about routing. Are the policies

#SOURCE   DEST   POLICY   LOG LEVEL
loc       vpn    ACCEPT
vpn       loc    ACCEPT

sufficient to get the routing?
No.
Is routing a separate matter?
Yes.

There are only two cases where Shorewall gets involved in routing:

a) Entry in /etc/shorewall/proxy_arp with the NOROUTE column set to 'Yes'. Shorewall will create a host route to the internal system.

b) Entry in /etc/shorewall/providers. Shorewall creates an additional routing table and some rules and may replace the default route in the main table.
Again, those are the only instances where Shorewall is involved in route configuration. Please see http://www.shorewall.net/Shorewall_and_Routing.html.
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
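A check of the point made in the reply above, as an added example that is not part of the original thread: a route lookup over constructed `ip route show` output for the home machine, showing that the routing table, independent of any Shorewall ACCEPT policy, decides which interface carries replies to a host on the work LAN. The work LAN 192.168.1.0/24, the 203.0.113.0/24 uplink and the device names eth0 and tun0 are assumptions, not values from the thread.

```python
import ipaddress

# Constructed `ip route show` output for the home machine (10.4.0.1).
# 203.0.113.0/24 and the work LAN 192.168.1.0/24 are assumed values.
BEFORE = """\
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
10.4.0.2 dev tun0 proto kernel scope link src 10.4.0.1
"""
# Same table after OpenVPN (e.g. its --route option) adds the work LAN.
AFTER = BEFORE + "192.168.1.0/24 via 10.4.0.2 dev tun0\n"


def parse_routes(text):
    """Return [(network, device)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # skip line types this sketch does not model
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_device(text, dest):
    """Longest-prefix match, as the kernel does; None if unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev)
               for net, dev in parse_routes(text) if addr in net]
    return max(matches)[1] if matches else None


def replies_use_tunnel(text, lan_host, tun_dev="tun0"):
    """True when packets for lan_host leave through the tunnel device."""
    return egress_device(text, lan_host) == tun_dev


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, egress_device(table, "192.168.1.20"))
```

With the first table, replies to the LAN host leave via eth0 even though the tunnel endpoints can ping each other; only the added route moves them onto tun0.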
