On 3/27/2015 6:14 AM, Thomas Winkler wrote:
> Hello,
>
> @ Ahmed : I used your latest rule but still it doesn't work.
>
> This is the iptables LOG output after running shorewall with your rule added :
>
> INPUT:DROP:IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
> SRC=192.168.70.85 DST=192.168.70.19 LEN=52 TOS=0x00 PREC=0x00 TTL=128
> ID=14365 DF PROTO=TCP SPT=51191 DPT=1194 WINDOW=8192 RES=0x00 SYN URGP=0
>
> So the iptable is still dropping the VPN client's initial connection request
> on port 1194.
>
> @ Angela :
>
> I am using TCP so I added 'tcp' in tunnels but as above mentioned the VPN
> client can't connect to the openvpn server ( iptables shows same DROP
> behavior as above mentioned).
>
> This is my configuration :
>
> interfaces:vpn tun+
> policy:loc vpn ACCEPT
> policy:vpn fw ACCEPT
> policy:vpn net ACCEPT
> policy:vpn loc ACCEPT
> tunnels:openvpnserver:tcp:1194 net 0.0.0.0/0
> zones:vpn ipv4
>
> As shorewall also doesn't generate the shorewall.log file, I begin to believe
> that my Debian Wheezy ARM shorewall version might have some errors ?
>

The clue here is that the packet is being dropped in the INPUT chain -- see
Shorewall FAQ 17. If that doesn't help, then please follow Angela's latest
advice.

Thanks,
-Tom

PS to the list -- I've been ill the last week, but am slowly beginning to get
back to normal.

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
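
Added example, not part of the original messages: a small Python parser for the LOG line quoted above, which pulls out the chain and disposition from the log prefix (the "clue" the reply points to) together with the packet fields. The function names are hypothetical, and the optional "Shorewall:" prefix handling is an assumption about other LOGFORMAT settings; the sample line is the one from the thread, joined onto one line.

```python
import re

# Constructed sample: the LOG line quoted in the thread, joined onto one line.
SAMPLE = ("INPUT:DROP:IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX "
          "SRC=192.168.70.85 DST=192.168.70.19 LEN=52 TOS=0x00 PREC=0x00 TTL=128 "
          "ID=14365 DF PROTO=TCP SPT=51191 DPT=1194 WINDOW=8192 RES=0x00 SYN URGP=0")

BUILTIN_CHAINS = {"INPUT", "FORWARD", "OUTPUT"}  # netfilter filter-table chains

# Log prefix "<chain>:<disposition>:" directly before IN=. Assumption: some
# LOGFORMAT settings add a leading "Shorewall:"; the line in the thread has none.
PREFIX_RE = re.compile(
    r"(?:Shorewall:)?(?P<chain>[^\s:]+):(?P<disp>[A-Za-z]+):(?=IN=)")

def parse_log_line(line):
    """Split a Shorewall-style netfilter LOG line into prefix and packet fields."""
    m = PREFIX_RE.search(line)
    if m is None:
        raise ValueError("no <chain>:<disposition>: prefix before IN=")
    fields, flags = {}, []
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value   # KEY=value; value may be empty, e.g. OUT=
        else:
            flags.append(token)   # bare tokens such as DF, SYN, ACK
    return {"chain": m["chain"], "disposition": m["disp"],
            "fields": fields, "flags": flags}

def summarize(line):
    """One-line summary that leads with where the packet was logged."""
    rec = parse_log_line(line)
    f = rec["fields"]
    kind = "built-in" if rec["chain"] in BUILTIN_CHAINS else "non-built-in"
    return (f"{rec['disposition']} in {kind} chain {rec['chain']}: "
            f"{f.get('PROTO')} {f.get('SRC')}:{f.get('SPT')} -> "
            f"{f.get('DST')}:{f.get('DPT')} in={f.get('IN') or '-'} "
            f"out={f.get('OUT') or '-'} flags={','.join(rec['flags'])}")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
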
