On 01/03/2013 11:21 AM, f q wrote: > I did find something while inspecting the routing table, I believe: > > Before connecting to Open VPN: > > 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.38 metric 1 > 10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1 metric 1 > default via 192.168.0.1 dev eth0 > > After connecting, before applying firewall: > > 93.182.186.129 via 192.168.0.1 dev eth0 > 93.182.186.128/25 dev tun0 proto kernel scope link src 93.182.186.162 > 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.38 metric 1 > 10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1 metric 1 > 0.0.0.0/1 via 93.182.186.254 dev tun0 > 128.0.0.0/1 via 93.182.186.254 dev tun0 > default via 192.168.0.1 dev eth0 > > After connecting, after applying firewall: > > 93.182.186.129 via 192.168.0.1 dev eth0 > 93.182.186.128/25 dev tun0 proto kernel scope link src 93.182.186.162 > 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.38 metric 1 > 10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1 metric 1 > 0.0.0.0/1 via 93.182.186.254 dev tun0 > 128.0.0.0/1 via 93.182.186.254 dev tun0 > default > nexthop via 192.168.0.1 dev eth0 weight 1 > nexthop dev tun0 weight 2 > > After disconnecting OpenVPN: > > 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.38 metric 1 > 10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1 metric 1 > > Disconnecting from openVPN appears to clobber my routing table! I > don't even have a default gateway configured after it get done.
That's a consequence of your using 'balance' for both providers. When OpenVPN stops, tun0 disappears which causes the balanced route to be removed. If you used 'balance' for tun0 and 'fallback' for eth0, that wouldn't happen. Note that you must also set 'routefilter=0' on both interfaces in /etc/shorewall/interfaces, if you chose to take that approach. Also, when you are running multi-ISP, you must use 'shorewall show routing' to see the whole routing picture. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
