Hi Mike,

Mike Lander wrote:
> 
> shorewall docs say to add these networks, which confuses me in netmap?
> More so that the two, 10.10.11 and 10.10.10, are different networks.
> 
> SNAT  192.168.1.0/24 vpn              10.10.11.0/24        #RULE 1A
> DNAT  10.10.11.0/24  vpn              192.168.1.0/24       #RULE 1B
> The entry in /etc/shorewall/netmap in firewall2 would be:
> 
> #TYPE NET1           INTERFACE        NET2
> DNAT  10.10.10.0/24  vpn              192.168.1.0/24       #RULE 2A
> SNAT  192.168.1.0/24 vpn              10.10.10.0/24        #RULE 2B
> Not quite sure how this works

In network1, 10.10.10.0/24 is used as a substitute for the remote
192.168.1.0/24.

In network2, 10.10.11.0/24 is used as a substitute for the remote
192.168.1.0/24.

> and which route commands to use for openvpn

On network1, you want to route 10.10.10.0/24 through the tunnel.
On network2, you want to route 10.10.11.0/24 through the tunnel.

> All software is the latest, i.e. shorewall, openvpn
> server box fedora 2
> client suse 11.1
> I have spent hours trying to find examples and posts and found this. I see
> it was put in shorewall years ago. I have a need to build this as a temp
> solution until I can fix the layer 2 bridges at this network, and the
> logistics require using the same LAN IP networks on both sides of the
> tunnel until I can get the wireless bridges back up.
> Not quite sure of the route commands to use to get this working. Has
> anyone else had to use this?

Not I. I got it working back when I implemented the code and haven't
touched it since.

> I see hardly any posts in shorewall on how to accomplish this. I have
> come up with what I think are the openvpn configs below.
> 

Just use a conventional host-host VPN config. You then select a pair of
networks you plan to use for the surrogate on each end.

Let's say that you want to use 10.10.10.0/24 on the client end and
10.10.11.0/24 on the server end.

What I would do is use a CCD (client config dir) on the server and in
the client's ccd file, I would:

# this client owns 10.10.11.0/24 (the server's main config needs a matching "route 10.10.11.0 255.255.255.0")
iroute 10.10.11.0 255.255.255.0
# pushed to the client so it sends 10.10.10.0/24 into the tunnel
push "route 10.10.10.0 255.255.255.0"

Hope this helps,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
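Added example, not part of the thread and not Shorewall or OpenVPN code: a Python model of the 1:1 NETMAP translation that the two netmap tables quoted above perform, walked through for one request and its reply between the two LANs that both use 192.168.1.0/24. The tables are the ones from the post; the host addresses 192.168.1.10 and 192.168.1.20 are constructed for the walk-through, and the INTERFACE column (always "vpn") is left out. It also derives, from the tables alone, which prefix each LAN has to route into the tunnel, and checks the two tables against each other.

```python
"""Model of Shorewall's 1:1 netmap (SNAT/DNAT) between two LANs with the same addresses."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def netmap(addr: IPv4Address, net1: IPv4Network, net2: IPv4Network) -> IPv4Address:
    """1:1 NETMAP: if addr is in net1, keep its host bits and swap in net2's network bits.

    Both prefixes must be the same length, as the kernel's NETMAP target requires.
    """
    if net1.prefixlen != net2.prefixlen:
        raise ValueError(f"NETMAP needs equal prefix lengths: {net1} vs {net2}")
    if addr not in net1:
        return addr
    host_bits = int(addr) & int(net1.hostmask)
    return IPv4Address(int(net2.network_address) | host_bits)


# The two /etc/shorewall/netmap tables from the post as (TYPE, NET1, NET2).
FW1_NETMAP = [("SNAT", "192.168.1.0/24", "10.10.11.0/24"),   # rule 1A
              ("DNAT", "10.10.11.0/24", "192.168.1.0/24")]   # rule 1B
FW2_NETMAP = [("DNAT", "10.10.10.0/24", "192.168.1.0/24"),   # rule 2A
              ("SNAT", "192.168.1.0/24", "10.10.10.0/24")]   # rule 2B


def traverse(table, pkt: Packet, direction: str) -> Packet:
    """Apply one firewall's netmap table to a packet crossing its vpn interface.

    SNAT rows rewrite the source of packets leaving through the interface ("out");
    DNAT rows rewrite the destination of packets arriving through it ("in").
    """
    src, dst = pkt.src, pkt.dst
    for typ, net1, net2 in table:
        n1, n2 = IPv4Network(net1), IPv4Network(net2)
        if typ == "SNAT" and direction == "out":
            src = netmap(src, n1, n2)
        elif typ == "DNAT" and direction == "in":
            dst = netmap(dst, n1, n2)
    return Packet(src, dst)


def round_trip(sender: str, surrogate_dst: str):
    """Send one packet from network1 to a surrogate address on network2.

    Returns (packet as the network2 host sees it, reply as the network1 host gets it).
    """
    p = Packet(IPv4Address(sender), IPv4Address(surrogate_dst))
    p = traverse(FW1_NETMAP, p, "out")   # firewall1: 192.168.1.x -> 10.10.11.x (source)
    p = traverse(FW2_NETMAP, p, "in")    # firewall2: 10.10.10.x -> 192.168.1.x (destination)
    seen_by_remote = p
    r = Packet(src=p.dst, dst=p.src)     # the network2 host answers what it saw
    r = traverse(FW2_NETMAP, r, "out")   # firewall2: 192.168.1.x -> 10.10.10.x (source)
    r = traverse(FW1_NETMAP, r, "in")    # firewall1: 10.10.11.x -> 192.168.1.x (destination)
    return seen_by_remote, r


def routes_into_tunnel(local_table, remote_table):
    """The prefix a LAN must route into the tunnel is the surrogate the far firewall's
    SNAT rewrites its sources to, i.e. the far firewall's SNAT NET2."""
    return [IPv4Network(n2) for typ, _, n2 in remote_table if typ == "SNAT"]


def check_tables(local, remote):
    """Consistency checks on a pair of netmap tables; returns a list of problems."""
    problems = []
    for name, table in (("local", local), ("remote", remote)):
        for _, n1, n2 in table:
            if IPv4Network(n1).prefixlen != IPv4Network(n2).prefixlen:
                problems.append(f"{name}: {n1} and {n2} differ in prefix length")
        snat_to = {n2 for typ, _, n2 in table if typ == "SNAT"}
        dnat_from = {n1 for typ, n1, _ in table if typ == "DNAT"}
        if snat_to != dnat_from:  # replies to our translated sources must be untranslated
            problems.append(f"{name}: SNAT targets {snat_to} != DNAT sources {dnat_from}")
    if {n2 for t, _, n2 in local if t == "SNAT"} & {n2 for t, _, n2 in remote if t == "SNAT"}:
        problems.append("both ends use the same surrogate network")
    return problems


if __name__ == "__main__":
    print("table problems:", check_tables(FW1_NETMAP, FW2_NETMAP))
    seen, reply = round_trip("192.168.1.10", "10.10.10.20")   # constructed hosts
    print(f"network2 host sees  src={seen.src} dst={seen.dst}")
    print(f"network1 host gets  src={reply.src} dst={reply.dst}")
    print("network1 routes into tunnel:", routes_into_tunnel(FW1_NETMAP, FW2_NETMAP))
    print("network2 routes into tunnel:", routes_into_tunnel(FW2_NETMAP, FW1_NETMAP))
```

The walk-through shows why the two tables and the two routes fit together: inside the tunnel only 10.10.11.x and 10.10.10.x addresses ever appear, so the two 192.168.1.0/24 LANs never collide, and each LAN's route into the tunnel (10.10.10.0/24 on network1, 10.10.11.0/24 on network2) is exactly the other firewall's SNAT target. The model covers the address rewriting only; the kernel routes and the OpenVPN routes still have to be in place for the packets to reach the vpn interface at all.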


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
