You need to use /etc/shorewall/hosts! -Matt
On 16 Jun 2014 at 10:17, Brian J. Murrell wrote: > Hi, > > I'm using shorewall 4.5.21.5 (on F20, FWIW, but that probably doesn't > matter much). > > I have OpenVPN on my shorewall-protected router with a number of remote > connections (that all connect to me as they are all effectively road > warriors with dynamic IPs). > > I've added zone entries as such: > > vpn1 ipv4 > vpn2 ipv4 > vpn3 ipv4 > vpn4 ipv4 > vpn5 ipv4 > vpn6 ipv4 > vpn7 ipv4 > > and then interfaces as such: > > vpn1 tun0 > vpn2 tun0 > vpn3 tun0 > vpn4 tun0 > vpn5 tun0 > vpn6 tun0 > vpn7 tun0 > > That yields an error about duplicate interfaces (tun0) in the interfaces > file. > > I actually used to have: > > - tun0 > > in my interfaces file on previous versions of this configuration and > shorewall but that seems to emit warnings about empty zones when I try > to install it and missing "loc2vpn$n" chains where I specify what my > local subnet is allowed to do on the VPN subnets. > > I did look at http://shorewall.net/OPENVPN.html but I didn't see > anything there about how to handle the case of multiple OpenVPN clients > where you want to put them into different zones because they have > different rules. > > Any ideas? > > Cheers, > b. > > ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
