From: bishop <bi...@pl...> - 2002-08-07 01:58:24
Hey Ernesto,

I'll take a look, if I may, at your OpenVPN and LZO packages, and see if I can hook some distro-sensitive changes into what I've submitted for OpenVPN. That is, when I get some time and if James will let me!

That way, we can still maybe build all the RPMs from one SRPM, and use one known-good procedure for installation. Good plan?

I'm moving 5000km in 4-7 days, so I'm swamped for this kinda stuff. Gimme a week to look at incorporating the work?

 - bish

Ernesto Baschny wrote:

> Hi!
>
> Since SuSE uses slightly different standards (for /etc/init.d etc), I
> created an RPM for openvpn that will work on SuSE 8.0 like a charm.
>
> Those two RPMs are needed:
>
> http://www.baschny.de/linux/SuSE-8.0/RPMS/liblzo-1.08-6.i386.rpm
> http://www.baschny.de/linux/SuSE-8.0/RPMS/openvpn-1.3.1-11.i386.rpm
>
> (none of these are included in SuSE 8.0's distribution).
>
> The src.rpm can be found here:
>
> http://www.baschny.de/linux/SuSE-8.0/SRPMS/liblzo-1.08-6.src.rpm
> http://www.baschny.de/linux/SuSE-8.0/SRPMS/openvpn-1.3.1-11.src.rpm
>
>
> If you care to use SuSEfirewall2, here are some tips with which I made
> it work with OpenVPN:
>
> In file /etc/sysconfig/SuSEfirewall2:
>
> FW_DEV_INT
>   add "tun0" and other tunnel devices here
>
> FW_SERVICES_EXT_UDP
>   add "5000" or whatever port your remote party connects to
>
> FW_ALLOW_INCOMING_HIGHPORTS_UDP
>   add "5000" here too
>
> FW_FORWARD
>   add these three rules here:
>   <remote-tunnel-ip>/32,<local-network>/<cidr>
>   <local-LAN>/<cidr>,<remote-tunnel-ip>/32
>   <local-LAN>/<cidr>,<remote-LAN>/<cidr>
>   (this to allow connections to and from the remote tunnel to the
>   local LAN and between both LANs).
>
> FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
>   also add this line here
>
> In file /etc/sysconfig/scripts/SuSEfirewall2-custom:
> Add the following in the proc fw_custom_before_denyall:
>
>   iptables -A INPUT -i tun+ -j ACCEPT
>   iptables -A FORWARD -i tun+ -j ACCEPT
>   iptables -A INPUT -i tap+ -j ACCEPT
>   iptables -A FORWARD -i tap+ -j ACCEPT
>
> Just call /sbin/SuSEfirewall2 when the tunnel is up (else it will not
> find "tun0" interface :( ), maybe in your <tunnel>.up file.
>
> I am not 100% sure if all of this is needed, since a lot of experimenting
> went by until it worked. If you find out that one or two of these things
> are not needed, just let us know!!
>
> --
> Ernesto Baschny <er...@ba...>
> http://www.baschny.de - PGP: http://www.baschny.de/pgp.txt
> Sao Paulo/Brasil - Stuttgart/Germany
> Ernst@IRCnet - ICQ# 2955403

--
Despite explicit debarment policies, the State of Arizona is paying
Federally convicted criminals millions for their services. How is
your state or province spending YOUR money?
http://www.linuxandmain.com/modules.php?name=News&file=article&sid=127
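
The SuSEfirewall2 settings quoted above can be checked mechanically before the tunnel is relied on. This is an added example, not part of the original thread: the FW_* variable names and the custom-rules path are taken from the message, while the function names, the sample addresses, and treating `<local-network>` and `<local-LAN>` as the same CIDR are assumptions.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file for the OpenVPN settings
# listed in the quoted message. Function names and addresses are assumptions.

CUSTOM=/etc/sysconfig/scripts/SuSEfirewall2-custom   # path given in the message

# has_word LIST WORD: succeed if WORD is an item of the whitespace-separated LIST
has_word() {
    case " $(printf '%s' "$1" | tr '\n\t' '  ') " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# forward_rules REMOTE_TUN_IP LOCAL_LAN REMOTE_LAN: the three FW_FORWARD entries
forward_rules() {
    printf '%s\n' "$1/32,$2" "$2,$1/32" "$2,$3"
}

# audit_fw FILE PORT TUN_DEV REMOTE_TUN_IP LOCAL_LAN REMOTE_LAN
# Prints one line per missing setting; exit status is the number missing.
audit_fw() (
    # sysconfig files are shell assignments; source only trusted, root-owned files
    . "$1" || exit 99
    missing=0
    need() {  # need VARNAME CURRENT_VALUE REQUIRED_WORD
        has_word "$2" "$3" && return 0
        echo "$1: missing \"$3\""
        missing=$((missing + 1))
    }
    need FW_DEV_INT "${FW_DEV_INT:-}" "$3"
    need FW_SERVICES_EXT_UDP "${FW_SERVICES_EXT_UDP:-}" "$2"
    need FW_ALLOW_INCOMING_HIGHPORTS_UDP "${FW_ALLOW_INCOMING_HIGHPORTS_UDP:-}" "$2"
    for rule in $(forward_rules "$4" "$5" "$6"); do
        need FW_FORWARD "${FW_FORWARD:-}" "$rule"
    done
    [ "${FW_CUSTOMRULES:-}" = "$CUSTOM" ] || {
        echo "FW_CUSTOMRULES: expected $CUSTOM"; missing=$((missing + 1)); }
    exit "$missing"
)

# Constructed sample config; the LAN-to-LAN forward rule is left out on purpose
sample_config() {
    cat <<EOF
FW_DEV_INT="eth1 tun0"
FW_SERVICES_EXT_UDP="5000"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="5000"
FW_FORWARD="10.1.0.2/32,192.168.1.0/24 192.168.1.0/24,10.1.0.2/32"
FW_CUSTOMRULES="$CUSTOM"
EOF
}
```

The audit covers only the sysconfig variables; the `iptables` lines in the custom rules file, which accept everything arriving on `tun+` and `tap+`, are not inspected.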