Thanks Tom!

CLAMPMSS option in shorewall.conf caused the error. My Linux kernel on Debian 7.8 ARM didn't support that option. I set CLAMPMSS=No and now Shorewall works perfectly with my OpenVPN server. You solved my issue.

Regards
Thomas

Sent: Monday, 30 March 2015 at 20:52
From: "Tom Eastep" <[email protected]>
To: [email protected]
Subject: Re: [Shorewall-users] OpenVPN server with Shorewall not working

On 3/30/2015 11:07 AM, Thomas Winkler wrote:
> Hello,
>
> I ran the shorewall debug start 2>/tmp/trace command and this is the output
> of the trace file:
>
> WARNING: Using an interface as the masq SOURCE requires the interface to be
> up and configured when Shorewall starts/restarts /etc/shorewall/masq (line 1)
> iptables: No chain/target/match by that name.
> ERROR: Command "/sbin/iptables -t filter -A FORWARD -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" Failed
> Terminated
>

Looks like your kernel/iptables doesn't support the TCPMSS target, so you can't use the CLAMPMSS option in shorewall.conf. Shorewall has never tried to determine if TCPMSS is available or not since it is very rare that it is not available.

What distribution are you running?

>
> And I don't have any rfc1918 file in /etc/shorewall.

The failing rule has nothing to do with RFC 1918.

--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
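A preflight check for the failure discussed in this thread, as an added example that is not part of the original messages and not Shorewall's own code: it reads CLAMPMSS from a shorewall.conf and reports whether the kernel shows a TCPMSS target before the firewall is started. The function names are hypothetical, and the usual inputs are assumed to be /proc/net/ip_tables_targets (targets of loaded modules) and /boot/config-$(uname -r) (kernel build config, which some systems do not ship).

```shell
#!/bin/sh
# Added example: preflight for the CLAMPMSS / TCPMSS mismatch in this thread.
# File locations are arguments so the check can also run on copies.
# Typical call (assumed paths):
#   check_clampmss /etc/shorewall/shorewall.conf \
#       /proc/net/ip_tables_targets "/boot/config-$(uname -r)"

# Print the CLAMPMSS value from a shorewall.conf (last assignment wins),
# with any trailing comment, trailing blanks and surrounding quotes removed.
clampmss_value() {
    sed -n 's/^[[:space:]]*CLAMPMSS=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# Return 0 if the TCPMSS target is known to be available.
#   $1: list of targets from loaded modules, one name per line
#   $2: kernel build config (covers a module that is built but not loaded)
tcpmss_available() {
    [ -r "$1" ] && grep -qx 'TCPMSS' "$1" && return 0
    [ -r "$2" ] &&
        grep -Eq '^CONFIG_NETFILTER_XT_TARGET_TCPMSS=[ym]$' "$2" && return 0
    return 1
}

# Return 0 when the configuration is safe to start, 1 when CLAMPMSS is
# enabled (Yes or an MSS number) but no TCPMSS target can be found.
check_clampmss() {
    conf=$1 targets=$2 kconfig=$3
    value=$(clampmss_value "$conf")
    case $value in
        ''|[Nn][Oo])
            echo "CLAMPMSS disabled: TCPMSS target not needed"
            return 0 ;;
    esac
    if tcpmss_available "$targets" "$kconfig"; then
        echo "CLAMPMSS=$value: TCPMSS target available"
        return 0
    fi
    echo "CLAMPMSS=$value but no TCPMSS target found:" \
         "set CLAMPMSS=No or use a kernel with xt_TCPMSS" >&2
    return 1
}
```

A non-zero result corresponds to the "No chain/target/match by that name" error quoted above; a zero result from the kernel config alone still depends on the module being loadable at start time.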
