Thanks very much Tom. Perhaps something for the wish list - although there
might be dozens of interface types that aren't in /etc/network/interfaces,
not just OpenVPN tunnels...
Best regards, Norm

On Tue, Feb 23, 2016 at 5:33 PM, Tom Eastep <teas...@shorewall.net> wrote:

> On 02/23/2016 02:48 AM, Norman Henderson wrote:
> > Hi, I'm running shorewall 4.5.21.6 on Ubuntu 14.04.1 on one system and
> > on 14.04.3 on another system. Working on some failover scenarios I
> > installed shorewall-init first using aptitude, then by hand (also
> > 4.5.21.6). Either way appeared to work fine. I configured
> > /etc/default/shorewall-init with PRODUCTS="shorewall" and IFUPDOWN=1.
> >
> > I have some openvpn tunnels that are providers i.e. have their own
> > routing tables and corresponding ip rules (route_rules). The problem is,
> > that if I run (e.g.) service openvpn stop tun5 - shorewall does not
> > reconfigure accordingly. That is to say, ifconfig tun5 reports Device
> > not found - however, ip rule still shows the rule corresponding to that
> > tunnel and ip route still shows the corresponding table.
> >
> > If I manually run shorewall restart, then the rule disappears and the
> > routing table is cleared.  Also, /var/lib/shorewall/tun5.status toggles
> > from 0 to 1 only after the manual shorewall restart. Behavior is
> > analogous when I restart the tunnel - a manual "shorewall restart" is
> > needed before anything appears to change.
> >
> > What is interesting, is that if I do an ifdown eth0 or ifup eth0,
> > shorewall-init DOES reconfigure appropriately (a different provider and
> > different route_rules of course). But I can't use ifup or ifdown on an
> > openvpn tunnel, they don't appear in /etc/network/interfaces.
> >
> > What am I missing? Or is this simply unsupported, in which case I guess
> > I can put an explicit shorewall restart into the openvpn configs...
> >
>
> You need to do a restart via OpenVPN -- Shorewall Init only handles
> interfaces that appear in /etc/network/interfaces and those managed by
> NetworkManager.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to