On 3/26/20 1:11 PM, Norman Henderson wrote:
Hi,
Suddenly - not sure why - I can't establish my OpenVPN tunnel because
the packets are leaving from the wrong interface, not appropriate to
the source address given to OpenVPN. A shorewall trace shows (with
IPs altered):
Mar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE:
raw:OUTPUT:policy:13 IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70
TOS=0x00 PREC=0x00 TTL=64 ID=59557 DF PROTO=UDP SPT=5001 DPT=5001
LEN=50 UID=0 GID=0
However, the 0.0.4.238 address is on vlan6, not vlan5. The address
mentioned in the OpenVPN "local" directive is 0.0.4.238. The rest of
the trace sticks with vlan5 and that (inappropriate) address. However,
packets arriving at the server arrive at the correct destination
address from the address of vlan5, which (altered) is 0.0.229.214.
It was all working fine until earlier today. I added an
unrelated interface on vlan2 with a 192.168 address (actually altered
a previous vlan2 interface). Any suggestions on where to look? Our
email is down until this is resolved...
Thanks, Norm

Have you tried reversing your changes to see if that corrects the problem?