On 3/26/20 11:11 AM, Norman Henderson wrote:
> Hi,
> Suddenly - not sure why - I can't establish my OpenVPN tunnel because the
> packets are leaving from the wrong interface, not appropriate to the
> source address given to OpenVPN. A shorewall trace shows (with IPs
> altered):
> Mar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE:
> raw:OUTPUT:policy:13 IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70
> TOS=0x00 PREC=0x00 TTL=64 ID=59557 DF PROTO=UDP SPT=5001 DPT=5001 LEN=50
> UID=0 GID=0
> 
> However, the 0.0.4.238 address is on vlan6, not vlan5. The address
> mentioned in the OpenVPN "local" directive is 0.0.4.238. The rest of the
> trace sticks with vlan5 and that (inappropriate) address. However,
> packets arriving at the server arrive at the correct destination address
> from the address of vlan5, which (altered) is 0.0.229.214.
> 
> It was all working fine until earlier today. I added an
> unrelated interface on vlan2 with a 192.168 address (actually altered a
> previous vlan2 interface). Any suggestions on where to look? Our email
> is down until this is resolved...
>

Appears to be a routing problem. What is the output of 'shorewall show
routing'? And please send it to me privately and unaltered and give me
the real IP addresses.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________
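
The check Norman did by eye on the trace can be scripted. This is an added example, not part of the original messages or of Shorewall: it parses a netfilter TRACE line and reports a locally generated packet whose source address belongs to a different interface than the one it leaves on. The interface map and the function names are assumptions built from the altered addresses in the post.

```python
import ipaddress
import re

# Constructed map of interface -> local addresses, using the altered addresses
# from the post. On a real host, fill it from `ip -o addr show`.
IFACE_ADDRS = {"vlan5": ["0.0.229.214"], "vlan6": ["0.0.4.238"]}

# Trace line from the post, joined onto one line.
SAMPLE = (
    "Mar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE: "
    "raw:OUTPUT:policy:13 IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=59557 DF PROTO=UDP SPT=5001 DPT=5001 LEN=50 "
    "UID=0 GID=0"
)

TRACE_RE = re.compile(
    r"TRACE:\s+(?P<table>\w+):(?P<chain>[\w.-]+):(?P<kind>\w+):(?P<rule>\d+)"
    r"\s+(?P<fields>.*)")

def parse_trace(line):
    """Return the TRACE prefix and KEY=VALUE fields as a dict, or None."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for token in rec.pop("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            # LEN appears twice (IP, then UDP); keep the first occurrence.
            rec.setdefault(key, value)
    return rec

def owner_of(addr, iface_addrs=IFACE_ADDRS):
    """Name of the interface that holds addr, or None if it is not local."""
    ip = ipaddress.ip_address(addr)
    for iface, addrs in iface_addrs.items():
        if any(ip == ipaddress.ip_address(a) for a in addrs):
            return iface
    return None

def wrong_interface(line, iface_addrs=IFACE_ADDRS):
    """Return (out_if, owner_if, src) when a locally generated packet leaves
    on an interface that does not hold its source address, else None."""
    rec = parse_trace(line)
    if rec is None or rec.get("IN") or not rec.get("OUT") or "SRC" not in rec:
        return None  # not a TRACE line, or not locally generated
    owner = owner_of(rec["SRC"], iface_addrs)
    if owner is None or owner == rec["OUT"]:
        return None
    return rec["OUT"], owner, rec["SRC"]
```

Run over the trace lines in the kernel log, a non-None result points at the route lookup for that source address, which is what the routing output Tom asks for would show.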
