From: Das <da...@gm...> - 2011-08-21 22:34:18
Sorry typo before, meant to say;

By the way this is what I have so far;

THANKS

On Sun, Aug 21, 2011 at 12:33 PM, Das <da...@gm...> wrote:
> Hi,
>
> No I always start the VPN first then the applications afterwards...
>
> By the this is what I have so far;
>
> Interfaces;
> http://pastebin.com/sDm77XrU
>
> Policy;
> http://pastebin.com/aN0wa3Nw
>
> Rules;
> http://pastebin.com/QLGBBRLG
>
> Even with what I'm using right now, it seems to be working ok, I just
> realized, at least it seems like, that when I'm going over the vpn,
> even though the application uses TCP, since the VPN is UDP I need to
> have that listed in the rules, so you'll see I added it in as tcp,udp
> and I noticed less problems with the logs flooding dropping then.
> Whereas if I just only had tcp, then I'd see at times UDP was being
> dropped and since I added it in, I no longer saw it being dropped.
>
> Strange thing though, I'm sitting behind a nat router and I never
> forwarded the ports on the router, only used the rules in Shorewall
> and it seemed to work just fine and route me over the VPN, which I
> also thought how can that be... But I figure I should be opening the
> ports that the VPN needs is all.
>
> So besides the interfaces, policy and rules, to use OpenVPN with a VPN
> service like I've explained should I use also tunnels, or hosts? Tom
> said I need one, not both and I think it was tunnels like this;
>
>
> #TYPE ZONE GATEWAY GATEWAY ZONE
> openvpn net 134.28.54.2
>
> And I believe he said for the gateway IP, to use the actual IP I'm
> connected to...
>
>
> THANKS
>
>
>
>
> On Sun, Aug 21, 2011 at 12:21 AM, Ed W <li...@wi...> wrote:
>> On 21/08/2011 05:24, Das wrote:
>>> So my whole point I'm trying to ask is, when I'm on a VPN why would I
>>> still see Shorewall dropping traffic? Because the traffic should not
>>> be seeing me, it should see the VPN and this is where I'm confused,
>>> it's like I'm still there visible when I'm not supposed to be...
>>
>> Random thought, but did you fire up the application BEFORE starting
>> openvpn? Presumably it runs some heuristics to figure out what your
>> public IP address is, and if this were run before you started openvpn
>> then it would be telling your clients the "wrong" address?
>>
>> Ed W
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Sho...@li...
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>