Hello
I have two machines connected over OpenVPN.
I'm adding Shorewall protection to them both. I installed shorewall6-lite
version 4.6.6.1 yesterday on both machines.
I have the firewalls working ok for normal internet traffic with servers, LANs,
etc.
But I'm stuck on a puzzle with the OpenVPN connection.
The overall setup looks like this:

SVR1
    eth0 XX.XX.XX.XX
    192.168.1.1
    tun0 10.1.1.1
SVR2
    eth0 YY.YY.YY.YY
    tun0 10.1.1.2
    eth1 192.168.2.1
With Shorewall in place, the VPN is up and I can ping VPN endpoint-to-endpoint
in both directions, i.e. both of these work:

SVR1
    ping 10.1.1.2
SVR2
    ping 10.1.1.1
But when I ping lan-to-lan

SVR1
    ping 192.168.2.7

I get blocked on SVR2 with

    Jan 27 09:04:39 ganymede kernel: [663916.258385] shorewall:vpn2lan:REJECT IN=tun0 OUT=eth1 SRC=10.1.1.1 DST=192.168.2.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=15925 DF PROTO=ICMP TYPE=8 CODE=0 ID=29216 SEQ=1

It's failing on communication between 'vpn' and 'lan' zones according to the
log on SVR2 with

    vpn2lan:REJECT

Even though I have these in Shorewall rules

    Ping(ACCEPT) vpn lan
    Ping(ACCEPT) lan vpn
This should be pretty simple and I probably did something obviously wrong but I
don't see it yet.
Any ideas please?
Rog
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
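
Added example (not part of the original post and not Shorewall's own code): a small Python parser for the log line quoted in the post, which pulls out the chain, verdict, zone pair and packet fields, and keeps the two ID= values (IP header and ICMP header) apart. The names parse and describe are hypothetical, and splitting the chain name into zones assumes zone-pair chains named <src>2<dst> or <src>-<dst>.

```python
import re

# Constructed input: the kernel log line quoted in the post, joined onto one line.
SAMPLE = ("Jan 27 09:04:39 ganymede kernel: [663916.258385] "
          "shorewall:vpn2lan:REJECT IN=tun0 OUT=eth1 SRC=10.1.1.1 "
          "DST=192.168.2.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=15925 DF "
          "PROTO=ICMP TYPE=8 CODE=0 ID=29216 SEQ=1")

# Prefix as it appears in the post: shorewall:<chain>:<disposition>
PREFIX = re.compile(r"shorewall:([^:\s]+):([A-Za-z]+):?\s*(.*)$", re.I)
# Assumption: zone-pair chains are named <src>2<dst> or <src>-<dst>.
ZONES = re.compile(r"([A-Za-z]\w*?)(?:2|-)([A-Za-z]\w*)")
ICMP_TYPES = {"0": "echo-reply", "8": "echo-request"}

def parse(line):
    """Return a dict describing one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    chain, disposition, rest = m.groups()
    ip, l4, flags, after_proto = {}, {}, [], False
    for token in rest.split():
        key, sep, value = token.partition("=")
        if not sep:
            flags.append(key)          # bare flags such as DF
            continue
        # ID= occurs twice: IP header first, then the ICMP header. Everything
        # after PROTO= belongs to the upper-layer header, so keep it separate.
        (l4 if after_proto else ip)[key] = value
        after_proto = after_proto or key == "PROTO"
    zones = ZONES.fullmatch(chain)
    return {
        "chain": chain, "disposition": disposition.upper(),
        "src_zone": zones.group(1) if zones else None,
        "dst_zone": zones.group(2) if zones else None,
        "ip_version": 6 if ":" in ip.get("SRC", "") else 4,
        "ip": ip, "l4": l4, "flags": flags,
    }

def describe(ev):
    ip, l4 = ev["ip"], ev["l4"]
    proto = ip.get("PROTO", "?")
    detail = ICMP_TYPES.get(l4.get("TYPE"), "") if proto == "ICMP" else l4.get("DPT", "")
    return (f"{ev['disposition']} {ev['src_zone']}->{ev['dst_zone']} "
            f"{ip.get('IN')}->{ip.get('OUT')} IPv{ev['ip_version']} "
            f"{ip.get('SRC')}->{ip.get('DST')} {proto} {detail}").rstrip()

if __name__ == "__main__":
    print(describe(parse(SAMPLE)))
```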