From: Werner vd M. <we...@sa...> - 2006-05-04 14:21:19

Hi Tom,

Thanks for the advice, apologies for doing the post the wrong way - am just a bit despondent for trying 2 days without success.

I have looked at http://www.shorewall.net/OPENVPN.html#Bridge but obviously missed something.

I will try the interface changes - thank you again.

Kind regards
Werner

-----Original Message-----
From: sho...@li... [mailto:sho...@li...] On Behalf Of Tom Eastep
Sent: 04 May 2006 03:58 PM
To: sho...@li...
Subject: Re: [Shorewall-users] Shorewall/OpenVPN issue

Werner vd Merwe wrote:
>
> If two clients connect via OpenVPN (bridged), they can access each other
> without any problems, but neither of them can access the server, nor any
> system behind it.
>
> I am fairly sure it is a Shorewall issue, but I am very new to Shorewall,
> having moved over from Turtlefirewall about a week ago.

May I suggest in the future, when you suspect that Shorewall is blocking communication *look at your log* (see http://www.shorewall.net/shorewall_logging.html).

>
> Here my configs:
>
> IP Forwarding is enabled.
>
> Zones:
> lan lan
> ext internet
> vpn tun
>
> Interfaces:
> lan br0 detect
> ext ppp0 detect norfc1918,routefilter
> vpn tun0 detect
> vpn tap0 detect
>

Please review the article at http://www.shorewall.net/OPENVPN.html#Bridge. It gives instructions for configuring an OpenVPN bridge in Shorewall. In particular:

- Bridge ports (such as tap0) are never listed in the interfaces file.
- The bridge (br0) needs the 'routeback' option specified.

The instructions in the above article will simply make bridged clients part of your 'lan' zone. If you want to make them a separate zone, then you need to create a bridge/firewall as described at http://www.shorewall.net/bridge.html.

If you have the need to make another problem report, please include the information requested at http://www.shorewall.net/support.htm.

Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
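
The two points from Tom's reply (bridge ports are never listed in the interfaces file; the bridge needs 'routeback'), as an added example that is not part of the original thread or of Shorewall's own tooling: a small Python check run over the interfaces entries as posted. The bridge membership map and the eth0 port name are assumptions; on a real host the membership would come from something like `brctl show`.

```python
# Added example: lint Shorewall interfaces entries against the two bridge
# rules from the reply above. Bridge membership is an assumed input and the
# eth0 port name is hypothetical.

def parse_interfaces(text):
    """Yield (zone, interface, options) from ZONE INTERFACE BROADCAST OPTIONS rows."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        opts = fields[3] if len(fields) > 3 else "-"
        options = set() if opts == "-" else set(opts.split(","))
        yield fields[0], fields[1], options

def lint_bridge_config(text, bridges):
    """Return sorted (interface, problem) findings.
    bridges maps a bridge name to the list of its member ports."""
    ports = {p: br for br, members in bridges.items() for p in members}
    findings = []
    for _zone, iface, options in parse_interfaces(text):
        if iface in ports:
            findings.append((iface, f"bridge port of {ports[iface]} must not be listed"))
        elif iface in bridges and "routeback" not in options:
            findings.append((iface, "bridge is missing the routeback option"))
    return sorted(findings)

# Constructed input: the interfaces entries as posted in the thread.
POSTED = """\
lan br0  detect
ext ppp0 detect norfc1918,routefilter
vpn tun0 detect
vpn tap0 detect
"""
# Constructed input: the same entries after applying the two points from the reply.
REVISED = """\
lan br0  detect routeback
ext ppp0 detect norfc1918,routefilter
vpn tun0 detect
"""
BRIDGES = {"br0": ["eth0", "tap0"]}  # assumed bridge membership

if __name__ == "__main__":
    for iface, problem in lint_bridge_config(POSTED, BRIDGES):
        print(f"{iface}: {problem}")
```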