OK, I started a new thread with an appropriate topic and
also reconfigured this mail client to be more
friendly to the list.
I think I have the bridge part right. This is /etc/init.d/bridge start

#!/bin/bash

# ---------------------------------------------------------------------
# Bridge topology
# ---------------------------------------------------------------------

# Name of the bridge device created by do_start.
br="br0"

# Whitespace-separated list of TAP devices to attach to the bridge.
tap="tap0"

# Whitespace-separated list of physical ethernet interfaces that share
# the bridge with the TAP device(s) above.
eth="eth1"

# ---------------------------------------------------------------------
# Addressing: do_start clears the address on the bridged ports and puts
# these values on the bridge device instead.
# ---------------------------------------------------------------------
eth_ip="10.194.79.191"
eth_netmask="255.255.255.0"
eth_broadcast="10.194.79.255"

# Gateway used for the default route that do_start adds.
# NOTE(review): this is the same address as eth_ip, i.e. the default
# route points at this host's own bridge address -- confirm this is
# what is intended.
default_gw="10.194.79.191"

# ---------------------------------------------------------------------
# Helper binaries (absolute paths, so the script does not depend on the
# caller's PATH)
# ---------------------------------------------------------------------
BRCTL="/sbin/brctl"
IFCONFIG="/sbin/ifconfig"
ROUTE="/sbin/route"
OPENVPN="/usr/sbin/openvpn"

# ---------------------------------------------------------------------
# Init scripts driven by this one
# ---------------------------------------------------------------------

# OpenVPN start/stop script.
OPENVPN_INIT="/etc/init.d/openvpn"

# System networking script. This is the SuSE location; on Debian it
# would be /etc/init.d/networking.
NETWORK="/etc/init.d/network"

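#######################################
# Build the ethernet bridge and start OpenVPN.
#
# Creates the persistent TAP device(s), creates the bridge, attaches the
# physical and TAP interfaces to it, moves the IP configuration from the
# physical interface to the bridge, adds the default route and finally
# runs the OpenVPN init script.
#
# Every step up to and including the bridge addressing is checked: if the
# bridge cannot be assembled the function stops *before* the addresses on
# the member interfaces are cleared, so a failed start does not strip the
# address from the physical interface.
#
# Security note: once bridged, everything reachable on the TAP side is a
# layer-2 peer of the hosts behind $eth, and the member interfaces run in
# promiscuous mode. Any filtering between VPN clients and the LAN has to
# be done by firewall rules on the bridge.
#
# Globals:   br, tap, eth, eth_ip, eth_netmask, eth_broadcast, default_gw,
#            OPENVPN, BRCTL, IFCONFIG, ROUTE, OPENVPN_INIT (all read)
# Arguments: none
# Outputs:   diagnostics on stderr
# Returns:   1 if a bridge set-up step fails, otherwise the exit status
#            of "$OPENVPN_INIT start"
#######################################
do_start(){
  local i

  # $tap and $eth are whitespace-separated lists, so they are expanded
  # unquoted on purpose; each element is quoted when it is used.
  for i in $tap; do
    "$OPENVPN" --mktun --dev "$i" || {
      echo "bridge: cannot create TAP device $i" >&2
      return 1
    }
  done

  "$BRCTL" addbr "$br" || {
    echo "bridge: cannot create bridge $br" >&2
    return 1
  }

  # Physical interfaces first, then TAP devices (same order as before).
  for i in $eth $tap; do
    "$BRCTL" addif "$br" "$i" || {
      echo "bridge: cannot add $i to $br" >&2
      return 1
    }
  done

  # Only now is it safe to drop the addresses from the bridge ports.
  for i in $eth $tap; do
    "$IFCONFIG" "$i" 0.0.0.0 promisc up || {
      echo "bridge: cannot bring up $i" >&2
      return 1
    }
  done

  "$IFCONFIG" "$br" "$eth_ip" netmask "$eth_netmask" \
    broadcast "$eth_broadcast" || {
    echo "bridge: cannot configure address on $br" >&2
    return 1
  }

  # A default route may already exist on another interface, so a failure
  # here is reported but does not stop OpenVPN from starting.
  "$ROUTE" add default gw "$default_gw" \
    || echo "bridge: warning: could not add default route via $default_gw" >&2

  "$OPENVPN_INIT" start
}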

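#######################################
# Stop OpenVPN and tear the bridge down again.
#
# The daemon is stopped first: a TAP device that the running daemon still
# holds open cannot be removed, so the previous order (remove the device,
# then stop the daemon) left the persistent TAP device behind. Each TAP
# device is also taken down before it is removed rather than afterwards,
# and the system networking script is reloaded once at the end instead
# of once per TAP device.
#
# Teardown is best effort: every step is attempted even if an earlier one
# failed, so a partially built bridge is still cleaned up as far as
# possible.
#
# Globals:   br, tap, OPENVPN, BRCTL, IFCONFIG, NETWORK, OPENVPN_INIT
#            (all read)
# Arguments: none
# Returns:   0 if every step succeeded, 1 if any step failed
#######################################
do_stop(){
  local i
  local rc=0

  "$OPENVPN_INIT" stop || rc=1

  "$IFCONFIG" "$br" down || rc=1
  "$BRCTL" delbr "$br" || rc=1

  # $tap is a whitespace-separated list; word splitting is intended.
  for i in $tap; do
    "$IFCONFIG" "$i" down || rc=1
    "$OPENVPN" --rmtun --dev "$i" || rc=1
  done

  # Let the distribution's networking script restore the normal
  # configuration of the interfaces that were bridge ports.
  "$NETWORK" force-reload || rc=1

  return "$rc"
}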

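# Dispatch on the init-script action given as the first argument.
#
# A failed start is reported through the exit status instead of being
# hidden behind an unconditional "exit 0", so callers (boot scripts,
# monitoring) can tell that the bridge or OpenVPN did not come up.
# Teardown stays best effort: "stop" on an already stopped bridge is not
# treated as an error, and "restart" continues even if there was nothing
# to stop.
case "$1" in

  start)
    do_start || exit 1
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    sleep 1
    do_start || exit 1
    ;;
  *)
    echo "usage: $0 start|stop|restart" >&2
    exit 3
    ;;
esac
exit 0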

Thu Jun 11 17:21:22 2009 us=403996 Current Parameter Settings:
Thu Jun 11 17:21:22 2009 us=404125   config = '/etc/openvpn/honda.conf'
Thu Jun 11 17:21:22 2009 us=404149   mode = 1
Thu Jun 11 17:21:22 2009 us=404170   persist_config = DISABLED
Thu Jun 11 17:21:22 2009 us=404189   persist_mode = 1
Thu Jun 11 17:21:22 2009 us=404210   show_ciphers = DISABLED
Thu Jun 11 17:21:22 2009 us=404229   show_digests = DISABLED
Thu Jun 11 17:21:22 2009 us=404248   show_engines = DISABLED
Thu Jun 11 17:21:22 2009 us=404268   genkey = DISABLED
Thu Jun 11 17:21:22 2009 us=404288   key_pass_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404308   show_tls_ciphers = DISABLED
Thu Jun 11 17:21:22 2009 us=404329   proto = 0
Thu Jun 11 17:21:22 2009 us=404348   local = '10.194.79.191'
Thu Jun 11 17:21:22 2009 us=404368   remote_list = NULL
Thu Jun 11 17:21:22 2009 us=404390   remote_random = DISABLED
Thu Jun 11 17:21:22 2009 us=404410   local_port = 1194
Thu Jun 11 17:21:22 2009 us=404430   remote_port = 1194
Thu Jun 11 17:21:22 2009 us=404450   remote_float = DISABLED
Thu Jun 11 17:21:22 2009 us=404469   ipchange = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404489   bind_local = ENABLED
Thu Jun 11 17:21:22 2009 us=404518   dev = 'tap0'
Thu Jun 11 17:21:22 2009 us=404538   dev_type = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404558   dev_node = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404578   tun_ipv6 = DISABLED
Thu Jun 11 17:21:22 2009 us=404597   ifconfig_local = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404620   ifconfig_remote_netmask = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=404640   ifconfig_noexec = DISABLED
Thu Jun 11 17:21:22 2009 us=404659   ifconfig_nowarn = DISABLED
Thu Jun 11 17:21:22 2009 us=404678   shaper = 0
Thu Jun 11 17:21:22 2009 us=404698   tun_mtu = 1500
Thu Jun 11 17:21:22 2009 us=404718   tun_mtu_defined = ENABLED
Thu Jun 11 17:21:22 2009 us=404738   link_mtu = 1500
Thu Jun 11 17:21:22 2009 us=404757   link_mtu_defined = DISABLED
Thu Jun 11 17:21:22 2009 us=404777   tun_mtu_extra = 32
Thu Jun 11 17:21:22 2009 us=404797   tun_mtu_extra_defined = ENABLED
Thu Jun 11 17:21:22 2009 us=404816   fragment = 0
Thu Jun 11 17:21:22 2009 us=404836   mtu_discover_type = -1
Thu Jun 11 17:21:22 2009 us=404856   mtu_test = 0
Thu Jun 11 17:21:22 2009 us=404875   mlock = DISABLED
Thu Jun 11 17:21:22 2009 us=404934   keepalive_ping = 10
Thu Jun 11 17:21:22 2009 us=404955   keepalive_timeout = 120
Thu Jun 11 17:21:22 2009 us=404974   inactivity_timeout = 0
Thu Jun 11 17:21:22 2009 us=404994   ping_send_timeout = 10
Thu Jun 11 17:21:22 2009 us=405013   ping_rec_timeout = 240
Thu Jun 11 17:21:22 2009 us=405033   ping_rec_timeout_action = 2
Thu Jun 11 17:21:22 2009 us=405053   ping_timer_remote = DISABLED
Thu Jun 11 17:21:22 2009 us=405073   remap_sigusr1 = 0
Thu Jun 11 17:21:22 2009 us=405093   explicit_exit_notification = 0
Thu Jun 11 17:21:22 2009 us=405113   persist_tun = ENABLED
Thu Jun 11 17:21:22 2009 us=405132   persist_local_ip = DISABLED
Thu Jun 11 17:21:22 2009 us=405152   persist_remote_ip = DISABLED
Thu Jun 11 17:21:22 2009 us=405172   persist_key = ENABLED
Thu Jun 11 17:21:22 2009 us=405191   mssfix = 1450
Thu Jun 11 17:21:22 2009 us=405210   passtos = DISABLED
Thu Jun 11 17:21:22 2009 us=405230   resolve_retry_seconds = 1000000000
Thu Jun 11 17:21:22 2009 us=405250   connect_retry_seconds = 5
Thu Jun 11 17:21:22 2009 us=405270   username = 'nobody'
Thu Jun 11 17:21:22 2009 us=405290   groupname = 'nogroup'
Thu Jun 11 17:21:22 2009 us=405309   chroot_dir = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405328   cd_dir = '/etc/openvpn'
Thu Jun 11 17:21:22 2009 us=405348   writepid = '/var/run/openvpn/honda.pid'
Thu Jun 11 17:21:22 2009 us=405368   up_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405387   down_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405407   down_pre = DISABLED
Thu Jun 11 17:21:22 2009 us=405427   up_restart = DISABLED
Thu Jun 11 17:21:22 2009 us=405445   up_delay = DISABLED
Thu Jun 11 17:21:22 2009 us=405465   daemon = ENABLED
Thu Jun 11 17:21:22 2009 us=405485   inetd = 0
Thu Jun 11 17:21:22 2009 us=405504   log = ENABLED
Thu Jun 11 17:21:22 2009 us=405524   suppress_timestamps = DISABLED
Thu Jun 11 17:21:22 2009 us=405544   nice = 0
Thu Jun 11 17:21:22 2009 us=405563   verbosity = 5
Thu Jun 11 17:21:22 2009 us=405583   mute = 0
Thu Jun 11 17:21:22 2009 us=405602   gremlin = 0
Thu Jun 11 17:21:22 2009 us=405622   status_file = 
'/etc/openvpn/servers/honda/logs/openvpn-status.log'
Thu Jun 11 17:21:22 2009 us=405642   status_file_version = 1
Thu Jun 11 17:21:22 2009 us=405661   status_file_update_freq = 60
Thu Jun 11 17:21:22 2009 us=405681   occ = ENABLED
Thu Jun 11 17:21:22 2009 us=405701   rcvbuf = 65536
Thu Jun 11 17:21:22 2009 us=405720   sndbuf = 65536
Thu Jun 11 17:21:22 2009 us=405740   socks_proxy_server = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405761   socks_proxy_port = 0
Thu Jun 11 17:21:22 2009 us=405780   socks_proxy_retry = DISABLED
Thu Jun 11 17:21:22 2009 us=405799   fast_io = DISABLED
Thu Jun 11 17:21:22 2009 us=405819   comp_lzo = ENABLED
Thu Jun 11 17:21:22 2009 us=405838   comp_lzo_adaptive = ENABLED
Thu Jun 11 17:21:22 2009 us=405858   route_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405878   route_default_gateway = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405898   route_noexec = DISABLED
Thu Jun 11 17:21:22 2009 us=405917   route_delay = 0
Thu Jun 11 17:21:22 2009 us=405937   route_delay_window = 30
Thu Jun 11 17:21:22 2009 us=405957   route_delay_defined = DISABLED
Thu Jun 11 17:21:22 2009 us=405976   management_addr = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=405997   management_port = 0
Thu Jun 11 17:21:22 2009 us=406016   management_user_pass = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406036   management_log_history_cache = 250
Thu Jun 11 17:21:22 2009 us=406056   management_echo_buffer_size = 100
Thu Jun 11 17:21:22 2009 us=406076   management_query_passwords = DISABLED
Thu Jun 11 17:21:22 2009 us=406096   management_hold = DISABLED
Thu Jun 11 17:21:22 2009 us=406115   shared_secret_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406136   key_direction = 0
Thu Jun 11 17:21:22 2009 us=406156   ciphername_defined = ENABLED
Thu Jun 11 17:21:22 2009 us=406177   ciphername = 'BF-CBC'
Thu Jun 11 17:21:22 2009 us=406197   authname_defined = ENABLED
Thu Jun 11 17:21:22 2009 us=406217   authname = 'SHA1'
Thu Jun 11 17:21:22 2009 us=406237   keysize = 0
Thu Jun 11 17:21:22 2009 us=406257   engine = DISABLED
Thu Jun 11 17:21:22 2009 us=406295   replay = ENABLED
Thu Jun 11 17:21:22 2009 us=406316   mute_replay_warnings = DISABLED
Thu Jun 11 17:21:22 2009 us=406337   replay_window = 64
Thu Jun 11 17:21:22 2009 us=406357   replay_time = 15
Thu Jun 11 17:21:22 2009 us=406377   packet_id_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406397   use_iv = ENABLED
Thu Jun 11 17:21:22 2009 us=406416   test_crypto = DISABLED
Thu Jun 11 17:21:22 2009 us=406435   tls_server = ENABLED
Thu Jun 11 17:21:22 2009 us=406455   tls_client = DISABLED
Thu Jun 11 17:21:22 2009 us=406475   key_method = 2
Thu Jun 11 17:21:22 2009 us=406495   ca_file = '/etc/openvpn/keys/honda/ca.crt'
Thu Jun 11 17:21:22 2009 us=406515   dh_file = 
'/etc/openvpn/keys/honda/dh2048.pem'
Thu Jun 11 17:21:22 2009 us=406535   cert_file = 
'/etc/openvpn/keys/honda/ca.crt'
Thu Jun 11 17:21:22 2009 us=406555   priv_key_file = 
'/etc/openvpn/keys/honda/ca.key'
Thu Jun 11 17:21:22 2009 us=406576   pkcs12_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406595   cipher_list = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406614   tls_verify = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406634   tls_remote = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406653   crl_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406674   ns_cert_type = 0
Thu Jun 11 17:21:22 2009 us=406694   tls_timeout = 2
Thu Jun 11 17:21:22 2009 us=406714   renegotiate_bytes = 0
Thu Jun 11 17:21:22 2009 us=406734   renegotiate_packets = 0
Thu Jun 11 17:21:22 2009 us=406755   renegotiate_seconds = 3600
Thu Jun 11 17:21:22 2009 us=406775   handshake_window = 60
Thu Jun 11 17:21:22 2009 us=406795   transition_window = 3600
Thu Jun 11 17:21:22 2009 us=406815   single_session = DISABLED
Thu Jun 11 17:21:22 2009 us=406835   tls_exit = DISABLED
Thu Jun 11 17:21:22 2009 us=406855   tls_auth_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=406877   server_network = 0.0.0.0
Thu Jun 11 17:21:22 2009 us=406899   server_netmask = 0.0.0.0
Thu Jun 11 17:21:22 2009 us=406927   server_bridge_ip = 10.194.79.191
Thu Jun 11 17:21:22 2009 us=406951   server_bridge_netmask = 255.255.255.0
Thu Jun 11 17:21:22 2009 us=406974   server_bridge_pool_start = 10.194.79.200
Thu Jun 11 17:21:22 2009 us=406996   server_bridge_pool_end = 10.194.79.202
Thu Jun 11 17:21:22 2009 us=407016   push_list = 'route 10.194.79.0 
255.255.255.0,route-gateway 10.194.79.191,ping 10,ping-restart 120'
Thu Jun 11 17:21:22 2009 us=407037   ifconfig_pool_defined = ENABLED
Thu Jun 11 17:21:22 2009 us=407060   ifconfig_pool_start = 10.194.79.200
Thu Jun 11 17:21:22 2009 us=407081   ifconfig_pool_end = 10.194.79.202
Thu Jun 11 17:21:22 2009 us=407103   ifconfig_pool_netmask = 255.255.255.0
Thu Jun 11 17:21:22 2009 us=407124   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407145   ifconfig_pool_persist_refresh_freq = 600
Thu Jun 11 17:21:22 2009 us=407165   ifconfig_pool_linear = DISABLED
Thu Jun 11 17:21:22 2009 us=407186   n_bcast_buf = 256
Thu Jun 11 17:21:22 2009 us=407207   tcp_queue_limit = 64
Thu Jun 11 17:21:22 2009 us=407226   real_hash_size = 256
Thu Jun 11 17:21:22 2009 us=407247   virtual_hash_size = 256
Thu Jun 11 17:21:22 2009 us=407267   client_connect_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407287   learn_address_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407308   client_disconnect_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407328   client_config_dir = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407349   ccd_exclusive = DISABLED
Thu Jun 11 17:21:22 2009 us=407369   tmp_dir = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407389   push_ifconfig_defined = DISABLED
Thu Jun 11 17:21:22 2009 us=407411   push_ifconfig_local = 0.0.0.0
Thu Jun 11 17:21:22 2009 us=407433   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jun 11 17:21:22 2009 us=407453   enable_c2c = ENABLED
Thu Jun 11 17:21:22 2009 us=407473   duplicate_cn = DISABLED
Thu Jun 11 17:21:22 2009 us=407493   cf_max = 0
Thu Jun 11 17:21:22 2009 us=407513   cf_per = 0
Thu Jun 11 17:21:22 2009 us=407534   max_clients = 1024
Thu Jun 11 17:21:22 2009 us=407554   max_routes_per_client = 256
Thu Jun 11 17:21:22 2009 us=407591   client_cert_not_required = DISABLED
Thu Jun 11 17:21:22 2009 us=407612   username_as_common_name = DISABLED
Thu Jun 11 17:21:22 2009 us=407633   auth_user_pass_verify_script = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407654   auth_user_pass_verify_script_via_file = 
DISABLED
Thu Jun 11 17:21:22 2009 us=407674   client = DISABLED
Thu Jun 11 17:21:22 2009 us=407694   pull = DISABLED
Thu Jun 11 17:21:22 2009 us=407715   auth_user_pass_file = '[UNDEF]'
Thu Jun 11 17:21:22 2009 us=407736 OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] 
[EPOLL] built on Dec  3 2008
Thu Jun 11 17:21:22 2009 us=459576 Diffie-Hellman initialized with 2048 bit key
Thu Jun 11 17:21:22 2009 us=460423 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 
ET:0 EL:0 ]
Thu Jun 11 17:21:22 2009 us=460530 TUN/TAP device tap0 opened
Thu Jun 11 17:21:22 2009 us=460562 TUN/TAP TX queue length set to 100
Thu Jun 11 17:21:22 2009 us=460622 Data Channel MTU parms [ L:1574 D:1450 EF:42 
EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 11 17:21:22 2009 us=461498 GID set to nogroup
Thu Jun 11 17:21:22 2009 us=461608 UID set to nobody
Thu Jun 11 17:21:22 2009 us=461673 Socket Buffers: R=[112640->131072] 
S=[112640->131072]
Thu Jun 11 17:21:22 2009 us=461729 UDPv4 link local (bound): 10.194.79.191:1194
Thu Jun 11 17:21:22 2009 us=461757 UDPv4 link remote: [undef]
Thu Jun 11 17:21:22 2009 us=461809 MULTI: multi_init called, r=256 v=256
Thu Jun 11 17:21:22 2009 us=461924 IFCONFIG POOL: base=10.194.79.200 size=3
Thu Jun 11 17:21:22 2009 us=461993 Initialization Sequence Completed

And my ifconfig output:
linux-rwu0:~ # ifconfig 
br0       Link encap:Ethernet  HWaddr 00:16:17:7E:FE:D1  
          inet addr:10.194.79.191  Bcast:10.194.79.255  Mask:255.255.255.0
          inet6 addr: fe80::216:17ff:fe7e:fed1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:317 errors:0 dropped:0 overruns:0 frame:0
          TX packets:241 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:43215 (42.2 Kb)  TX bytes:133486 (130.3 Kb)

eth0      Link encap:Ethernet  HWaddr 00:14:D1:13:43:11  
          inet addr:75.149.172.88  Bcast:75.149.172.95  Mask:255.255.255.240
          inet6 addr: fe80::214:d1ff:fe13:4311/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1865 errors:0 dropped:0 overruns:0 frame:0
          TX packets:966 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:165265 (161.3 Kb)  TX bytes:146769 (143.3 Kb)
          Interrupt:20 Base address:0xa000 

eth1      Link encap:Ethernet  HWaddr 00:16:17:7E:FE:D1  
          inet6 addr: fe80::216:17ff:fe7e:fed1/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:4218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:507287 (495.3 Kb)  TX bytes:1009394 (985.7 Kb)
          Interrupt:23 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5508 (5.3 Kb)  TX bytes:5508 (5.3 Kb)

tap0      Link encap:Ethernet  HWaddr AA:84:53:75:10:7D  
          inet6 addr: fe80::a884:53ff:fe75:107d/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:622 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:35184 (34.3 Kb)

I'm not sure how to configure Shorewall, or whether I have this bridge right,
and there seem to be several ways to configure Shorewall for this.
Which Shorewall docs should I look at for SuSE 11.1 and Shorewall 4.2.9?




