Hi all,

After searching all available documents on openvpn that exist on site and all mail-postings regarding the matter described in the subject, I feel that I am really confused and don't know where to start from.
Currently I have an openvpn server in bridge setup mode inside the LOC zone, and the firewall forwards the connections to the server's UDP port from either ISP provider. My road warriors all get connected and have all the access I grant to them in LOC and DMZ. However, I would like to move the openvpn server onto the firewall. In particular, I am clueless on how to set up the zones and interfaces in the firewall that is connected to 2 ISPs.

I am using a rather old version of Shorewall, 3.4.8, that comes with the Alpine uClibc distribution (kernel 2.6.25), but I wouldn't consider this a limitation; I can move up to a newer version as long as a sh version of Shorewall is supported.

Also, I came across this howto, http://people.mandriva.com/~ybourhis/openvpn/bridgedvpn.html, that I considered somewhat clear. In short, the setup that it suggests is this:

---------------------------------------------------
shorewall.conf

BRIDGING=Yes
---------------------------------------------------
zones

vpn     ipv4
---------------------------------------------------
interfaces

#ZONE   INTERFACE       BROADCAST       OPTIONS
-       br0
---------------------------------------------------
hosts

#ZONE   HOST(S)         OPTIONS
loc     br0:eth3
vpn     br0:tap0
---------------------------------------------------
tunnels

# TYPE          ZONE    GATEWAY         GATEWAY
#                                       ZONE
openvpn         net     0.0.0.0/0       vpn
---------------------------------------------------
and finally policy

#SOURCE DEST    POLICY  LOG LEVEL
loc     vpn     ACCEPT
vpn     loc     ACCEPT
---------------------------------------------------

So far so good, this seemed clear. In my case though, with 2 ISPs, I miss how to fill in the providers file, the COPY field:

#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS                 COPY
ISP1    1       256     main            eth0            xx.xx.xx.xx     track,balance=1         eth2, ???????????
ISP2    2       512     main            eth1            xx.xx.xx.xx     track,balance=1         eth2, ???????????

Thanks in advance for any help, hint, or clues that you will provide.

Kind regards,
Harry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
