On 7/30/2011 5:01 AM, Simon Matter wrote:
>>
>> This thread on OpenVPN has made me wonder if I have this setup correctly.
>> (I'm not exactly a shorewall-noobie,
>> but I find much of the shorewall talk difficult to follow.)
>>
>> I have a VPN zone:
>> ----------------------------------
>> vpn     ipv4
>> ----------------------------------
>> and a VPN interface
>> ----------------------------------
>> vpn     tun0    detect
>> ----------------------------------
>> and the following VPN rules
>> ----------------------------------
>> ACCEPT  vpn     loc     udp     1194    # OpenVPN
>> ACCEPT  loc     vpn     udp     1194    # OpenVPN
>> ACCEPT  vpn     $FW     udp     1194    # OpenVPN
>> ----------------------------------
>>
>> This seems to work OK.
>> But is it the correct/best way to set it up?
>>
>
> I'm not exactly sure what you are asking but did you read this?
>
> http://www.shorewall.net/OPENVPN.html
>
> Simon
>
>
>
> ------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
I was going to ask about this too, but thought it might have not been the best timing ;).

Right now we have 40 or 50 different places running OpenVPN, some of them where they are bridges over the internet to connect multiple networks together, others are just for client connectivity to their office network. Basically forever we have been doing it exactly as you described above, where I didn't put anything in tunnels at all (like the documentation says) but just used the rules instead (like how you have been doing it).

Recently I upgraded to the latest version of shorewall and all routing between the networks completely died, whether it was the networks not being able to talk together or the client connecting in and communicating with the servers in their office. So, I looked at the documentation, added the lines needed in tunnels, completely removed the rule to open up the vpn port (1194) and everything now works perfectly.

The version I was on was shorewall-4.4.0-3.noarch.rpm which worked with the rules. The version that I had to create the info in tunnels for (according to the documentation) when upgrading was shorewall-4.4.21-1.el5.noarch.rpm. That 4.4.0-3 was from 2009 I believe. I know a lot has changed since then.

Thanks to all for contributing and thanks for such a great thing that has been created.

Rj
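As an added illustration of the tunnels-based setup Rj describes (this is not from the thread or from the Shorewall project's own files; the interface names eth0/eth1, the existing net and loc zones, and the peer address 192.0.2.10 are assumed), the relevant Shorewall 4.4 configuration fragments would look like this:

```text
# /etc/shorewall/zones   (assumed: net and loc already exist)
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

# /etc/shorewall/interfaces   (assumed interface names)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
vpn     tun0        detect

# /etc/shorewall/tunnels
# Road-warrior server: accept UDP 1194 from any net address to the firewall.
# This entry replaces any ACCEPT rule for the OpenVPN port in /etc/shorewall/rules.
#TYPE                   ZONE    GATEWAY         GATEWAY_ZONE
openvpnserver:udp:1194  net     0.0.0.0/0
# Site-to-site alternative, a second OpenVPN instance on its own port, where
# only one fixed peer (192.0.2.10, a constructed documentation address)
# may reach the OpenVPN port at all:
# openvpn:1195          net     192.0.2.10

# /etc/shorewall/policy
# Decrypted traffic emerging from tun0 belongs to the vpn zone and is
# governed by these policies (and by rules), not by the tunnels entry.
#SOURCE DEST    POLICY  LOG LEVEL
vpn     loc     ACCEPT
loc     vpn     ACCEPT
vpn     $FW     REJECT  info
net     all     DROP    info
all     all     REJECT  info
```

The split worth keeping in mind is that the tunnels entry only opens the encrypted endpoint on the net-facing interface; who is actually allowed to bring up a tunnel is decided by OpenVPN's own certificate and key checks, and what the resulting cleartext may reach is decided by the vpn zone policies and rules above. For fixed site-to-site links, naming the peer in the GATEWAY column instead of 0.0.0.0/0 keeps the OpenVPN port unreachable from everywhere else. Run `shorewall check` before `shorewall restart` to catch a malformed entry without interrupting the existing tunnels.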
