On Tue, May 26, 2015, at 12:47 PM, Tom Eastep wrote: > Then I think that the most straight-forward thing to do is: > > a) Make the OpenVPN interface 'optional' with no 'wait=' specified in the > interfaces file.
Done. > b) Start OpenVPN after Shorewall-lite. Starting it with a script from within SW? or, using the Openvpn systemd unit's dependencies? If the former, where: in SHOREWALL/started? If the latter, after which systemd dependency -- shorewall-lite.service, shorewall-lite.target, shorewall-init.service or shorewall-init.target? > c) Use OpenVPN scripting to enable the interface after the tunnel is up > (shorewall-lite enable tunX) and to disable it when the tunnel goes down > (shorewall-lite disable tunX). At the moment, I'm using wicked ifup tun1 wicked ifdown tun1 in Openvpn's up/down scripts. I'm not clear on any advantage/requirement of either using wicked or shorewall-lite to toggle the tun1 intfc's up/down state. Is there a preference / recommendation between them? Thanks. ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
