On Thu, Mar 26, 2020 at 07:11:57PM +0100, Norman Henderson wrote:
> Hi,
> Suddenly - not sure why - I can't establish my OpenVPN tunnel because the
> packets are leaving from the wrong interface, not appropriate to the source
> address given to OpenVPN. A shorewall trace shows (with IPs altered):
> fMar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE: raw:OUTPUT:policy:13
> IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70 TOS=0x00 PREC=0x00 TTL=64
> ID=59557 DF PROTO=UDP SPT=5001 DPT=5001 LEN=50 UID=0 GID=0
>
> However, the 0.0.4.238 address is on vlan6, not vlan5. The address
> mentioned in the OpenVPN "local" directive is 0.0.4.238. The rest of the
> trace sticks with vlan5 and that (inappropriate) address. However, packets
> arriving at the server arrive at the correct destination address from
> the address of vlan5, which (altered) is 0.0.229.214.
>
> It was all working fine until earlier today. I added an unrelated interface
> on vlan2 with a 192.168 address (actually altered a previous vlan2
> interface). Any suggestions on where to look? Our Email is down until this
> is resolved...

Is it resolved if you remove the unrelated interface?

I think you need the providers' "track" option.

https://shorewall.org/4.6/MultiISP.html#providers
https://shorewall.org/4.6/MultiISP.html#Local

--
Justin

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
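
The symptom in the trace above (a locally generated packet whose SRC belongs to one interface while routing picked another for OUT) can be checked mechanically across a whole trace. The following is an added example, not part of the thread or of Shorewall; the function names and the LOCAL_ADDRS map are assumptions, filled in with the altered addresses quoted in the thread.

```python
import re
from ipaddress import ip_address

# Interface -> local addresses, as `ip -o addr show` would list them.
# Assumption: built by hand from the (altered) addresses quoted in the thread.
LOCAL_ADDRS = {
    "vlan5": {ip_address("0.0.229.214")},
    "vlan6": {ip_address("0.0.4.238")},
}

TRACE = re.compile(r"TRACE: (\w+):(\w+):(\w+):(\d+)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_trace(line):
    """Return the KEY=value fields of one netfilter TRACE line, or None."""
    m = TRACE.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    fields["TABLE"], fields["CHAIN"] = m.group(1), m.group(2)
    return fields

def owner_of(addr, local_addrs=LOCAL_ADDRS):
    """Name of the interface holding addr, or None if addr is not local."""
    for ifname, addrs in local_addrs.items():
        if addr in addrs:
            return ifname
    return None

def mismatches(lines, local_addrs=LOCAL_ADDRS):
    """Yield (src, out_if, owner_if) for locally generated packets whose
    source address is configured on a different interface than OUT."""
    for line in lines:
        f = parse_trace(line)
        if not f or f.get("IN") or not f.get("OUT") or "SRC" not in f:
            continue  # not a TRACE line, or not locally generated (IN set)
        owner = owner_of(ip_address(f["SRC"]), local_addrs)
        if owner and owner != f["OUT"]:
            yield f["SRC"], f["OUT"], owner

SAMPLE = [
    # Trace line from the thread, rejoined onto one line.
    "Mar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE: raw:OUTPUT:policy:13 "
    "IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=59557 DF PROTO=UDP SPT=5001 DPT=5001 LEN=50 UID=0 GID=0",
    # Constructed line: the same packet leaving through the owning interface.
    "Mar 26 19:30:00 cem05fw kernel: [ 6000.000000] TRACE: raw:OUTPUT:policy:13 "
    "IN= OUT=vlan6 SRC=0.0.4.238 DST=0.0.15.83 LEN=70 PROTO=UDP SPT=5001 DPT=5001",
]

if __name__ == "__main__":
    for src, out_if, owner in mismatches(SAMPLE):
        print(f"SRC {src} is on {owner} but the packet leaves via {out_if}")
```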