I did find something while inspecting the routing table, I believe:

Before connecting to OpenVPN:

192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1
default via 192.168.0.1 dev eth0

After connecting, before applying firewall:

93.182.186.129 via 192.168.0.1 dev eth0
93.182.186.128/25 dev tun0  proto kernel  scope link  src 93.182.186.162
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1
0.0.0.0/1 via 93.182.186.254 dev tun0
128.0.0.0/1 via 93.182.186.254 dev tun0
default via 192.168.0.1 dev eth0

After connecting, after applying firewall:

93.182.186.129 via 192.168.0.1 dev eth0
93.182.186.128/25 dev tun0  proto kernel  scope link  src 93.182.186.162
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1
0.0.0.0/1 via 93.182.186.254 dev tun0
128.0.0.0/1 via 93.182.186.254 dev tun0
default
        nexthop via 192.168.0.1  dev eth0 weight 1
        nexthop dev tun0 weight 2

After disconnecting OpenVPN:

192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1

Disconnecting from OpenVPN appears to clobber my routing table!  I
don't even have a default gateway configured after it gets done.

What is odd, is that the information logged from OpenVPN doesn't
appear to destroy the routes for anything except things that it has
added to the routing table:

Log information from OpenVPN when tearing down connection:
Thu Jan  3 10:48:16 2013 event_wait : Interrupted system call (code=4)
Thu Jan  3 10:48:16 2013 TCP/UDP: Closing socket
Thu Jan  3 10:48:16 2013 /sbin/route del -net 93.182.186.129 netmask 255.255.255.255
Thu Jan  3 10:48:16 2013 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Thu Jan  3 10:48:16 2013 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Thu Jan  3 10:48:16 2013 Closing TUN/TAP interface
Thu Jan  3 10:48:16 2013 /sbin/ifconfig tun0 0.0.0.0
Thu Jan  3 10:48:17 2013 SIGINT[hard,] received, process exiting

Some possible interaction between it and Shorewall?

On 1/2/13, Tom Eastep <[email protected]> wrote:
> On 1/2/13 1:37 PM, Tom Eastep wrote:
>> On 01/02/2013 10:48 AM, f q wrote:
>>> First of all: Thank you for your timely reply!  I see the list is
>>> quite busy and see your name pop-up in most threads; As well as
>>> releasing a new version and other personal concerns, you must keep
>>> quite busy!
>>>
>>
>>> I attempted an experiment, by adding the option:
>>>
>>> local 192.168.0.38
>>>
>>> And commenting out the "nobind" option in my openVPN configuration,
>>> but I observed the same behavior of the "start firewall, connect,
>>> restart firewall, disconnect, fail reconnect" as detailed previously.
>>>
>>
>> Did you make an attempt to reconnect before taking the dump that you
>> forwarded?
>
> And are you seeing martian messages in /etc/shorewall/kern.log when you
> try to reconnect?
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
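
Added example, not part of the original post: a route-snapshot diff that checks every route lost on disconnect against the `route del` commands in the OpenVPN teardown log. The snapshots and log lines are copied from the message above (timestamps trimmed); the function names are made up for this illustration, and the script only classifies routes without claiming why the kernel dropped any of them.

```python
import ipaddress
import re

# Snapshots and log lines copied from the post (log timestamps trimmed).
CONNECTED = """\
93.182.186.129 via 192.168.0.1 dev eth0
93.182.186.128/25 dev tun0  proto kernel  scope link  src 93.182.186.162
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1
0.0.0.0/1 via 93.182.186.254 dev tun0
128.0.0.0/1 via 93.182.186.254 dev tun0
default
        nexthop via 192.168.0.1  dev eth0 weight 1
        nexthop dev tun0 weight 2
"""
DISCONNECTED = """\
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.38  metric 1
10.0.0.0/8 dev eth1  proto kernel  scope link  src 10.0.0.1  metric 1
"""
TEARDOWN_LOG = """\
/sbin/route del -net 93.182.186.129 netmask 255.255.255.255
/sbin/route del -net 0.0.0.0 netmask 128.0.0.0
/sbin/route del -net 128.0.0.0 netmask 128.0.0.0
"""

def parse_routes(text):
    """Map destination -> route text; indented nexthop lines join their parent."""
    routes, dest = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and dest is not None:
            routes[dest] += " | " + " ".join(line.split())
        else:
            dest = line.split()[0]
            routes[dest] = " ".join(line.split())
    return routes

def logged_deletes(log):
    """Destinations from 'route del -net X netmask Y', in `ip route` notation."""
    found = set()
    for net, mask in re.findall(r"route del -net (\S+) netmask\s+(\S+)", log):
        n = ipaddress.ip_network(f"{net}/{mask}")
        found.add(str(n.network_address) if n.prefixlen == 32 else str(n))
    return found

def lost_routes(before, after, log):
    """For each vanished route: (deletion logged by OpenVPN?, references tun0?)."""
    old, new, deleted = parse_routes(before), parse_routes(after), logged_deletes(log)
    return {d: (d in deleted, "dev tun0" in r) for d, r in old.items() if d not in new}
```

Calling `lost_routes(CONNECTED, DISCONNECTED, TEARDOWN_LOG)` shows that the `default` route vanished with no matching `route del` in the log, and that it is the multipath entry carrying a `tun0` nexthop.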
