Re: [Fwbuilder-discussion] bridged OpenVPN and fwbuilder
From: <va...@vk...> - 2006-07-11 04:23:55
On Jul 10, 2006, at 9:05 PM, Bill Chmura wrote:

> I recently did an Openvpn and PF firewall with fwbuilder. In the end I
> think I had to create a tun interface in the ruleset. I forget exactly
> what I had to name where, but looking at the ruleset it generated
> helped. If there are no more helpful posts, in the morning I will check
> and see what I did and post it.
>
> It's possible and even works.

Looks like Hans uses Linux (because the interface name he mentions is "eth0"), so he needs an iptables solution. I have never implemented this so I can't help him. As far as I understand, the design of the rule set depends on whether OpenVPN creates a tunnel interface or not. I hear built-in IPSEC support in recent Linux kernels works without such an interface, so one has to use packet tagging to build iptables rules to deal with packets coming through an IPSEC tunnel. Firewall Builder 2.1 supports the action "Tag" and a corresponding service object, so such rules can be implemented in it. I would be interested to hear if anyone tried that.

--vk

> Kaiser, Hans wrote:
>> Hello list,
>>
>> I am trying to get a working openvpn with fwbuilder. I run openvpn in
>> bridged mode.
>>
>> Here is my network:
>> [Internet]----[DSL-router]-----[Firewall]-----[LAN]
>>
>> DSL-router: 192.168.178.1
>>
>> Firewall-eth1 192.168.178.24
>> Firewall-Defaultgateway 192.168.178.1
>>
>> Firewall-br0 (eth0) 192.168.1.112
>>
>> LAN: 192.168.1.0/24
>>
>> Does someone know how to configure my rules in fwbuilder? I need a VPN
>> via Internet to access my networks 192.168.10/24 and 192.168.178.0/24.
>> OpenVPN runs on the Firewall and my DSL-router forwards the openVPN port
>> already to the firewall.
>>
>> Here are my interfaces:
>> br0   inet addr:192.168.1.112  Bcast:192.168.1.255  Mask:255.255.255.0
>> eth0  no ip
>> eth1  inet addr:192.168.178.24  Bcast:192.168.178.255  Mask:255.255.255.0
>> lo    inet addr:127.0.0.1  Mask:255.0.0.0
>> tap0  no ip
>>
>> I hope someone can help...
>>
>> regards Hans