Hi,
Ok so this?

openvpnclient net <actual IP I connect to?>

So if I make the tunnels like above, to the actual IP and then I make the
policy like below:

# Block this machine from accessing NET ZONE except for exceptions in
# /etc/shorewall/rules
$FW net DROP ULOG
# Allow this machine to access the VPN ZONE for everything
$FW vpn ACCEPT

This isn't doing anything...

Am I understanding this correctly that those two lines with the tunnels are
all I need now in the policy? If so, then how is someone supposed to connect
to the internet over eth0 or wlan0 net if it's not being accepted first?

I'm using a computer that I want to have normal internet connectivity and I
do not see how that is possible with only those 2 lines above. Also, like
that you can't connect to the VPN, you have to accept the net first then
drop it later once connected to the vpn, so I still do not see what the
tunnels are doing...

1. I use a broadband internet connection for a desktop/laptop.
2. Besides normal internet activities I also use OpenVPN.
3. When using OpenVPN I want to protect the computer from being able to get
back online if the VPN connection drops, this is the objective here and that
is why I have the policy like that, because as you can see, once I am
connected to the vpn I then drop the net and no longer accept it and like
that, if the vpn connection goes down, I can't get back online and that is
what I want, the VPN is for protection, so of course I don't want to be
online without it...

Because of 1-3 this is why I make the policy like this, I see no other way
around this, or I'm very lost here, or I'm not explaining this very well for
others to understand what I'm trying to do...

THANKS
On Thu, Jul 28, 2011 at 2:59 PM, Tom Eastep <[email protected]> wrote:
>
> On Jul 28, 2011, at 5:05 PM, Das wrote:
>
>
> Can you please show me how I should write the tunnels?
>
>
>
> Keep this line
>
> # Block this machine from accessing NET ZONE except for exceptions in
> # /etc/shorewall/rules
> $FW net DROP info
> # Allow this machine to access the VPN ZONE for everything
> $FW vpn ACCEPT
>
>
> And add this line to /etc/shorewall/tunnels
>
> openvpnclient net <remote endpoints>
>
> The <remote endpoints> can be a network or list of servers that you connect
> to.
>
> -Tom
>
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
> ------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
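
A simplified model of the policy and tunnels entries discussed in this thread, added here as an illustration (it is not Shorewall's code and not from either poster). It assumes the tunnel exception is evaluated before the zone policy, that the tunnel uses OpenVPN's default UDP port 1194, and uses constructed documentation addresses: 192.0.2.10 stands in for `<remote endpoints>` and 198.51.100.7 for an arbitrary web server.

```python
"""Simplified model (not Shorewall code) of a tunnels entry plus $FW policies."""
import ipaddress

# Constructed sample value: 192.0.2.10/32 stands in for <remote endpoints>.
TUNNELS = [  # (type, zone, gateway network), as in /etc/shorewall/tunnels
    ("openvpnclient", "net", ipaddress.ip_network("192.0.2.10/32")),
]
POLICY = {  # (source, dest) -> policy, as in the quoted policy file
    ("$FW", "net"): "DROP",
    ("$FW", "vpn"): "ACCEPT",
}
# Assumption: OpenVPN's default transport, UDP port 1194, because the
# tunnel type above carries no explicit protocol or port.
OPENVPN_PROTO, OPENVPN_PORT = "udp", 1194


def verdict(dest_zone, dest_ip, proto, dport):
    """Return the action for a new outbound connection from $FW."""
    addr = ipaddress.ip_address(dest_ip)
    # Tunnel exceptions are checked before the zone-to-zone policy.
    for ttype, zone, gateway in TUNNELS:
        if (ttype == "openvpnclient" and zone == dest_zone
                and addr in gateway
                and (proto, dport) == (OPENVPN_PROTO, OPENVPN_PORT)):
            return "ACCEPT"
    # No exception matched: the policy for this zone pair decides.
    return POLICY[("$FW", dest_zone)]


def web_request(vpn_up):
    """An HTTPS request lands in the zone of the interface that routes it."""
    zone = "vpn" if vpn_up else "net"  # tun0 when up, eth0/wlan0 otherwise
    return verdict(zone, "198.51.100.7", "tcp", 443)  # constructed address


if __name__ == "__main__":
    print("VPN handshake to endpoint:", verdict("net", "192.0.2.10", "udp", 1194))
    print("Web request, VPN up:      ", web_request(True))
    print("Web request, VPN down:    ", web_request(False))
```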