Hi Thomas!

On 26/03/2015 18:32, Thomas Winkler wrote:
> Hello Angela,
>
> Yes, openvpn server and shorewall run on the same ARM embedded system (
> Debian 7.8).
>
> Shorewall version : 4.5.5.3
> Linux Kernel 3.18
>
>
> I used your settings but still it doesn't work when I run shorewall.
>
> grep vpn * :
>
> interfaces:vpn tun0 -
> policy:vpn all ACCEPT info
> policy:net vpn ACCEPT info
> tunnels:openvpnserver:tcp:1194 net 0.0.0.0/0
> zones:vpn ipv4
>
Again my config from another site

interfaces:ovpn tun+
policy:loc ovpn ACCEPT
policy:ovpn fw ACCEPT
policy:ovpn net ACCEPT
policy:ovpn loc ACCEPT
tunnels:openvpnserver:1194 net 0.0.0.0/0
zones:ovpn ipv4

Try with the policies I use and see if it works!
I use tun+ because I have the odd site with more than one openvpn server
running! I also have services on the firewalls and local lans the clients need
to access.

Have a look at Tom's excellent documentation as well!

http://shorewall.org/OPENVPN.html

>
> Now I manually modified the iptables for the establishing and keeping the VPN
> connection with the following commands and then it works as expected :
>
>
> iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
>
> iptables -A INPUT -i tun0 -j ACCEPT
> iptables -A FORWARD -i tun0 -j ACCEPT

Which is not a good idea.

Gruss!
Ang

--
Angela Williams angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Yahshua Loves You!

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
