On 5/2/2014 1:36 PM, Michael Kress wrote:
> On 02.05.2014 16:47, Tom Eastep wrote:
>>
>> Is there any case that you want traffic to go out of tun1 other than
>> traffic destined for x.x.x.245/28?
>>
>
> Hi, no, I do not need any traffic going out tun1 except for the replies
> on queries that come in via tun1 and of course test pings from the
> firewall itself to the peer to see whether it's up or not. Other than that,
> ALL outgoing from LAN+DMZ is supposed to go out the regular router
> (192.168.2.1) via eth1 (192.168.2.251).

If that is the case, then there is no point in making tun1 a provider
interface (you never need the default route out of it). Simply configure
OpenVPN to add a route to x.x.x.245/28 out of tun1 when the VPN is brought up.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
