On Jul 28, 2011, at 6:38 PM, Das wrote:
> Hi,
>
> Ok so this?
>
> openvpnclient net <actual IP I connect to?>
>
> So if I make the tunnels like above, to the actual IP and then I make the
> policy like below:
>
> # Block this machine from accessing NET ZONE except for exceptions in
> /etc/shorewall/rules
> $FW net DROP ULOG
>
> # Allow this machine to access the VPN ZONE for everything
> $FW vpn ACCEPT
>
> This isn't doing anything...
>
> Am I understanding this correctly that those two lines with the tunnels are all
> I need now in the policy? If so, then how is someone supposed to connect to
> the internet over eth0 or wlan0 net if it's not being accepted first?
>
> I'm using a computer that I want to have normal internet connectivity and I
> do not see how that is possible with only those 2 lines above, also like that
> you can't connect to the VPN, you have to accept the net first then drop it
> later once connected to the vpn, so I still do not see what the tunnels are
> doing...
>
>
> 1. I use a broadband internet connection for a desktop/laptop.
> 2. Besides normal internet activities I also use OpenVPN.
> 3. When using OpenVPN I want to protect the computer from being able to get
> back online if the VPN connection drops, this is the objective here and that
> is why I have the policy like that, because as you can see, once I am
> connected to the vpn I then drop the net and no longer accept it and like
> that, if the vpn connection goes down, I can't get back online and that is
> what I want, the VPN is for protection, so of course I don't want to be
> online without it...
>
> Because of 1-3 this is why I make the policy like this, I see no other way
> around this, or I'm very lost here, or I'm not explaining this very well for
> others to understand what I'm trying to do...
I'm done with this.
Maybe someone else on the list has the patience to carry on.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users