[Shorewall-users] OpenVPN setup

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running Shorewall 4.4.0/Debian Lenny and I'm trying to setup OpenVPN
with a mild degree of success so far.

My ultimate end goal is to basically have an extension of my home lan to
my laptop as well as my wife's when we are away from home, and have all
of my normal network resources available as if I were sitting at home
locally on the lan.

I run a mix of Linux/OSX machines on a single 192.168.1.0/24 subnet with
shorewall, the subnet is on eth1 of my firewall machine respectively, my
DSL modem is on eth0.

- From what I have read today, I need to use OpenVPN in "bridge" mode
which I believe to have accomplished thus far (I can at least get the
tunnel to come up), but I am unable to pull an IP via DHCP to the DHCP
server sitting on the firewall (bound to eth1, same as local lan. I'm
using dhcpd)

I've poured through the bridging and OpenVPN docs on the shorewall site,
but I'll admit I'm a little lost and could use some direction. I think I
understand a little bit on what's left to be done, but not sure what
direction to take next?

In the end, I think I basically want to bridge eth1 to tap0, which I
believe I have already accomplished:

bubastis:/etc/openvpn# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.002127e00061	no		eth1
							tap0

bubastis:/etc/openvpn# ifconfig br0
br0       Link encap:Ethernet  HWaddr 00:21:27:e0:00:61
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::221:27ff:fee0:61/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8031 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:671285 (655.5 KiB)  TX bytes:756178 (738.4 KiB)

bubastis:/etc/openvpn# ifconfig tap0
tap0      Link encap:Ethernet  HWaddr 00:ff:72:cd:d1:b5
          inet6 addr: fe80::2ff:72ff:fecd:d1b5/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:36 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:231 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:8902 (8.6 KiB)  TX bytes:750 (750.0 B)

Am I on the right track for accomplishing what I am trying to do? I
think my next step is to add something to the zones and policy files,
but not 100% sure....

Any help appreciated...

Thanks,
Stephen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAktrHEsACgkQ3sJXNEncx7iBFgCfbctJTFQr6ckEGA0McroELlya
j34AnigDAduPziKYomCUX0VoFzOIN/5w
=1vXN
-----END PGP SIGNATURE-----