On 10/28/2017 08:13 AM, [email protected] wrote:
>
> I'm working on setting up a firewall + openvpn on a linux/systemd machine.
>
> I have these pieces to the puzzle.
>
>   Physical Ethernet interfaces, INT & EXT
>   Virtual TUN/TAP interface
>   Shorewall 4/6
>   OpenVPN
>
> Systemd controls the start/stop of Shorewall & OpenVPN.
>
> I'm confused at what's supposed to be controlling the up/down of the
> interfaces -- the OS? Shorewall? OpenVPN?
>
> Especially when OpenVPN or Shorewall gets restarted, what ORDER should all
> the dependencies be in?
>
> E.g., if I stop OpenVPN, should Shorewall be stopped before or after? What
> about the TUN interface? etc.

OpenVPN handles the TUN interface. You should configure Shorewall so that
OpenVPN can be restarted without affecting Shorewall:

- Don't name the TUN interface in the SOURCE column of the masq file.
- Don't use any option for the TUN interface in /etc/shorewall/interfaces
  that causes a change in /proc/sys/net/config/.
- Don't make the TUN interface 'optional'.

>
> In the docs and online I found bits and pieces but so far no good,
> kitchen-sink tutorial.
>
> I'd appreciate any good outlines, recommendations, pointers to tutorials etc.
>

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
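
Added example (not part of the original post and not Shorewall project code): a Python check that applies the three rules from the reply above to the text of the interfaces and masq files. The option set PROC_OPTIONS is an assumption taken from shorewall-interfaces(5); the sample files, the name tun0 and the subnet 10.8.0.0/24 are constructed.

```python
# Added example: lint Shorewall files against the three rules in the reply.
# PROC_OPTIONS is an assumption taken from shorewall-interfaces(5), not the post.
PROC_OPTIONS = {"arp_filter", "arp_ignore", "logmartians",
                "proxyarp", "routefilter", "sourceroute"}


def rows(text):
    """Yield whitespace-split columns, skipping comments and ?directives."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("?"):
            yield line.split()


def names_tun(entry, tun):
    """True if a config entry names `tun`, honouring Shorewall's '+' wildcard."""
    if entry.endswith("+"):
        return tun.startswith(entry[:-1])
    return entry == tun


def lint(tun, interfaces_text, masq_text):
    """Return a list of findings for the interface called `tun`."""
    findings = []
    for cols in rows(masq_text):
        # masq columns: INTERFACE SOURCE ADDRESS ...
        if len(cols) > 1 and any(names_tun(s, tun) for s in cols[1].split(",")):
            findings.append("masq: SOURCE names " + tun)
    for cols in rows(interfaces_text):
        # interfaces columns: ZONE INTERFACE [BROADCAST] OPTIONS
        if len(cols) < 3 or not names_tun(cols[1], tun):
            continue
        opts = {o.split("=")[0] for c in cols[2:] for o in c.split(",")}
        if "optional" in opts:
            findings.append("interfaces: " + tun + " is optional")
        for opt in sorted(opts & PROC_OPTIONS):
            findings.append("interfaces: " + opt + " writes under /proc/sys/net")
    return findings


# Constructed sample files (not from the post): tun0 breaks all three rules.
BAD_INTERFACES = "?FORMAT 2\n#ZONE INTERFACE OPTIONS\nnet eth0 routefilter\nvpn tun0 optional,routefilter=1\n"
BAD_MASQ = "#INTERFACE SOURCE\neth0 eth1\neth0 tun0\n"
# Corrected: no risky options on tun0; masq uses the VPN subnet (assumed 10.8.0.0/24).
GOOD_INTERFACES = "?FORMAT 2\nnet eth0 routefilter\nvpn tun0\n"
GOOD_MASQ = "eth0 eth1\neth0 10.8.0.0/24\n"

if __name__ == "__main__":
    print(lint("tun0", BAD_INTERFACES, BAD_MASQ))
    print(lint("tun0", GOOD_INTERFACES, GOOD_MASQ))
```

An empty list for the TUN interface means OpenVPN can bring it down and up without Shorewall depending on it at start or restart.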
