Oh yeah, it is the actual IP you connect to.
openvpnclient net 68.123.45.213 (I just made that ip up. :) )
On 7/28/2011 6:38 PM, Das wrote:
Hi,
OK, so this?
openvpnclient net <actual IP I connect to?>
So if I make the tunnels like above, to the actual IP, and then I make
the policy like below:
# Block this machine from accessing the NET zone except for exceptions in
/etc/shorewall/rules
$FW net DROP ULOG
# Allow this machine to access the VPN ZONE for everything
$FW vpn ACCEPT
This isn't doing anything...
Am I understanding this correctly, that those two lines, with the tunnels,
are all I need now in the policy? If so, then how is someone supposed to
connect to the internet over eth0 or wlan0 (net) if it's not being
accepted first?
I'm using a computer that I want to have normal internet connectivity,
and I do not see how that is possible with only those 2 lines above.
Also, like that you can't connect to the VPN: you have to accept the
net first, then drop it later once connected to the VPN, so I still do
not see what the tunnels entry is doing...
1. I use a broadband internet connection for a desktop/laptop.
2. Besides normal internet activities I also use OpenVPN.
3. When using OpenVPN I want to protect the computer from being able
to get back online if the VPN connection drops. This is the objective
here, and that is why I have the policy like that: as you can see,
once I am connected to the VPN I then drop the net and no longer
accept it, and like that, if the VPN connection goes down, I can't get
back online. That is what I want; the VPN is for protection, so of
course I don't want to be online without it...
Because of 1-3 this is why I make the policy like this. I see no other
way around this, or I'm very lost here, or I'm not explaining this
very well for others to understand what I'm trying to do...
THANKS
On Thu, Jul 28, 2011 at 2:59 PM, Tom Eastep <[email protected]> wrote:
On Jul 28, 2011, at 5:05 PM, Das wrote:
Can you please show me how I should write the tunnels?
Keep this line
# Block this machine from accessing the NET zone except for
exceptions in /etc/shorewall/rules
$FW net DROP info
# Allow this machine to access the VPN ZONE for everything
$FW vpn ACCEPT
And add this line to /etc/shorewall/tunnels
openvpnclient net <remote endpoints>
The <remote endpoints> can be a network or list of servers that
you connect to.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Got Input? Slashdot Needs You.
Take our quick survey online. Come on, we don't ask for help often.
Plus, you'll get a chance to win $100 to spend on ThinkGeek.
http://p.sf.net/sfu/slashdot-survey
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
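A worked example of the VPN kill-switch layout this thread is converging on, added here as an illustration; it is not taken from either poster's configuration or from the Shorewall documentation. It assumes a Shorewall 4.4-era file layout, the firewall's own zone named fw (referenced as $FW), eth0 and wlan0 in zone net as in the thread, an OpenVPN tun0 interface in zone vpn (tun0 is an assumption), a VPN server at the placeholder address 203.0.113.10 (a TEST-NET address standing in for the real endpoint), and OpenVPN's default of UDP port 1194 (an assumption; if the server listens elsewhere, use the TYPE syntax openvpnclient:tcp:443 or similar in the tunnels file):

```text
# /etc/shorewall/zones
#ZONE   TYPE        OPTIONS
fw      firewall
net     ipv4
vpn     ipv4

# /etc/shorewall/interfaces
# dhcp keeps the uplinks able to renew a lease while net is otherwise dropped.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags
net     wlan0       detect      dhcp,tcpflags
vpn     tun0        detect

# /etc/shorewall/policy  (first matching line wins)
# Everything the machine originates is allowed only through the tunnel
# (vpn). Anything it tries to originate straight to net is dropped and
# logged, so when tun0 goes away the machine simply has no route out.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     vpn     ACCEPT
$FW     net     DROP    info
net     $FW     DROP    info
vpn     $FW     DROP    info
all     all     REJECT  info

# /etc/shorewall/tunnels
# This is the one hole in the $FW->net DROP: the OpenVPN handshake to
# the server itself. 203.0.113.10 is a placeholder for the real server.
#TYPE           ZONE    GATEWAY         GATEWAY ZONE
openvpnclient   net     203.0.113.10
```

The tunnels entry is what answers the "how can it ever connect" question: it generates rules that are roughly equivalent to an ACCEPT of UDP 1194 between $FW and net:203.0.113.10 in both directions, so the OpenVPN client can reach the server even though every other $FW-to-net connection is dropped. Once tun0 is up, ordinary traffic flows under the $FW-to-vpn ACCEPT; when the tunnel drops, nothing else matches and the box goes dark, which is the stated goal. Two caveats follow from the DROP policy: the OpenVPN remote must be given as an IP address (as Tom says), because a hostname lookup to a resolver on net would itself be dropped, and any /etc/shorewall/rules exception you add for net (DNS, for instance) is a leak path that survives a tunnel failure. Run shorewall check before shorewall restart, then confirm the behaviour by stopping the client and verifying that no new connection to net succeeds.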