From: Tom E. <te...@sh...> - 2011-07-29 03:07:23

On Jul 28, 2011, at 6:38 PM, Das wrote:

> Hi,
>
> Ok so this?
>
> openvpnclient net <actual IP I connect to?>
>
> So if I make the tunnels like above, to the actual IP and then I make the policy like below:
>
> # Block this machine from accessing NET ZONE except for exceptions in /etc/shorewall/rules
> $FW net DROP ULOG
>
> # Allow this machine to access the VPN ZONE for everything
> $FW vpn ACCEPT
>
> This isn't doing anything...
>
> Am I understanding this correctly that those two lines with the tunnels is all I need now in the policy, if so, then how is someone supposed to connect to the internet over eth0 or wlan0 net if it's not being accepted first?
>
> I'm using a computer that I want to have normal internet connectivity and I do not see how that is possible with only those 2 lines above, also like that you can't connect to the VPN, you have to accept the net first then drop it later once connected to the vpn, so I still do not see what the tunnels is doing...
>
> 1. I use a broadband internet connection for a desktop/laptop.
> 2. Besides normal internet activities I also use OpenVPN.
> 3. When using OpenVPN I want to protect the computer from being able to get back online if the VPN connection drops, this is the objective here and that is why I have the policy like that, because as you can see, once I am connected to the vpn I then drop the net and no longer accept it and like that, if the vpn connection goes down, I can't get back online and that is what I want, the VPN is for protection, so of course I don't want to be online without it...
>
> Because of 1-3 this is why I make the policy like this, I see no other way around this, or I'm very lost here, or I'm not explaining this very well for others to understand what I'm trying to do...

I'm done with this. Maybe someone else on the list has the patience to carry on.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________