Guilsson Gtalk wrote:
> I set up 2 FW boxes in failover fashion with 2 links.
> These are to be connected from outside via OpenVPN installed in the box.
> For SEVERAL reasons, only one OpenVPN must be up at a time. Heartbeat
> takes care of this correctly.
> Notice the setup is Active/Active because some users use FW1 to access
> the Net and others use FW2.
>
> But, on the machine where OpenVPN is down I cannot do a "shorewall restart"
> after making some adjustments in the rules.
> --> ERROR: Unable to determine the routes through interface "tun0"
>
> There is an option in OpenVPN (persist-tun) to maintain the tunnel up
> but only during internal restarts of the tunnel itself.
> After "service openvpn stop" the TUN0: also vanishes.
>
> Is there a way to restart Shorewall ignoring the absence of TUN0?

Yes -- in /etc/shorewall/masq, remove 'tun*' from the SOURCE column and replace it with the actual VPN subnet(s).

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
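
A check that follows from the reply above, as an added example that is not part of the original thread or of Shorewall itself: it lists masq entries whose SOURCE column names an interface rather than a subnet, and reports those whose interface is currently absent. The sample file, its addresses, and the second argument of `masq_missing_ifaces` are constructed for illustration; the column order INTERFACE SOURCE ADDRESS is assumed.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumes masq columns INTERFACE SOURCE ADDRESS.

# Print "LINE:NAME" for each SOURCE entry that is an interface name, not a subnet.
masq_iface_sources() {
    awk '
        /^[ \t]*$/    { next }                      # blank line
        /^[ \t]*[#?]/ { next }                      # comment or ?DIRECTIVE
        $1 == "COMMENT" || $1 == "INCLUDE" { next }
        NF >= 2 {
            n = split($2, items, ",")
            for (i = 1; i <= n; i++) {
                item = items[i]
                sub(/!.*/, "", item)                # drop any !exclusion suffix
                if (item ~ /^[A-Za-z]/) print NR ":" item
            }
        }
    ' "$1"
}

# Report the interfaces found above that do not exist right now.
# $2 overrides the sysfs directory (hypothetical parameter, used for testing).
masq_missing_ifaces() {
    netdir=${2:-/sys/class/net}
    masq_iface_sources "$1" | while IFS=: read -r line name; do
        [ -e "$netdir/$name" ] ||
            echo "line $line: SOURCE interface $name is absent; use its subnet instead"
    done
}

# Constructed sample: the entry on line 3 depends on tun0 being up.
sample_masq() {
    cat <<'EOF'
#INTERFACE   SOURCE          ADDRESS
eth0         192.168.1.0/24
eth0         tun0
eth1         10.8.0.0/24,eth2
EOF
}

tmp=$(mktemp)
sample_masq > "$tmp"
masq_missing_ifaces "$tmp"
rm -f "$tmp"
```

Running it against the real /etc/shorewall/masq on the node where OpenVPN is stopped shows which lines need a subnet in place of the interface name before "shorewall restart" is attempted.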
