Re: [Shorewall-users] Anyone using Softether VPN + Shorewall?

Sun, 11 Oct 2020 08:30:34 -0700 

On 10/11/20 3:03 AM, Nicola Ferrari (#554252) wrote:
> Hi list!
> 
> Today I'm writing here since me and my colleague are trying to implement
> a solution as summarized here:
> - Raspberry Pi (debian-like arm distro)
> - Shorewall installed
> - Softether vpn installed, with internal dhcp for vpn clients (vpn zone)
> - LAN + Wireless in bridge (loc zone)
> - UMTS/4g dongle connected on USB, detected as net interface
> (net zone)
> 
> We now managed to reach the raspberry (aka shorewall host) via vpn but
> it seems that forward chain is not working as expected, maybe for a
> mis-configured file? (vpn clients cannot reach the loc zone)
> 
> 192.168.8.1 is the private-side ip of the 4g dongle (net zone)
> 192.168.31.0/24 is the loc zone (eth0 bridged with wlan0)
> 
> Attached files are shorewall dump and softether config
> 
> The reason why we chose softether is that we need a cloud-vpn solution
> since our provider doesn't provide as a public ip at the sim side but
> they're connected with a private nat-ed ip on the router side, so an
> openvpn server or similar listening on the wan ip cannot be a solution.
> 
> Many thanks for any of your hints!
> (And please, be patient with my poor english :) )
> 

This is usually a routing problem at the client end of the VPN. That
host doesn't know how to route packets to your internal network, so it
routes them through it's default route. In OpenVPN, the server can
'push' those routes (using the 'push' directive in server's config file.
Does softether support a similar feature?

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________

Attachment: OpenPGP_0x96E6B3F2423A4D10.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to