On 4/27/12 6:14 PM, Lito Kusnadi wrote:
> Hi,
> 
> I am having problems with setting multiple ISP links and openvpn roadwarrior 
> with CentOS.
> 
> The firewall I have is designed to run on both links, actively used and 
> redirect traffic from DMZ and LAN based on their services to specific 
> providers.
> 
> I am able to get the firewall running to the state where a simple Internet, 
> DMZ, LAN topology works and am able to redirect traffic and DNAT services to 
> certain provider links based on the requirement.
> 
> However, when I add openvpn in the firewall and set it as vpn server for 
> roadwarrior, I am not able to connect to the openvpn port with telnet from 
> public internet. For some reason, it is blocked. Openvpn runs on tun0 and I 
> can confirm it is running by telnet to port 443 tcp (the port I used for 
> openvpn) from the firewall itself and the openvpn service is running.
> 
> I collect logs for all REJECT and DROP packets but cannot see the attempted 
> traffic in that log.
> 
> Attached is the dump from shorewall.
> 
> This is what I have done based on the documentation from shorewall:

I see no evidence from the dump that the OpenVPN connection requests are
ever reaching the Shorewall box.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
