Menu
▾
▴
Re: [Shorewall-users] Routing network traffic via VPN
|
From: f q <u.p...@gm...> - 2013-01-05 22:40:09
|
Also, I think you want USE_DEFAULT_RT=Yes. I don't see how USE_DEFAULT_RT=No can possiblly work here, since you have to be able to route between the interfaces and both are provider interfaces. 1) I made the changes as you requested, and set "USE_DEFAULT_RT=Yes", in /etc/shorewall/shorewall.conf. 2) I issued a /sbin/shorewall restart to re-read the configuration file (I'm not sure this is entirely required, but I wanted to be sure the new changes were being reflected in the current running configuration) 3) Applied the configuration for the firewall, normal warnings: Adding Providers... WARNING: Interface tun0 is not usable -- Provider iPredator (2) not Started WARNING: No Default route added (all 'balance' providers are down) NOTICE: Default route restored 4) Connected to OpenVPN 5) Attempted to re-apply the firewall configuration, as before (no errors) 6) Attempted pings to verify connection (they traversed the VPN correctly) 7) Disconnected from the VPN, traffic then traversed my default connection incorrectly. Submitting dump after step 7, as above. On 1/5/13, Tom Eastep <te...@sh...> wrote: > On 01/05/2013 01:48 PM, Tom Eastep wrote: >> On 01/05/2013 01:43 PM, f q wrote: >>> Apologies, we've done so much tweaking trying to resolve the issue, I >>> haven't posted a current configuration in a bit. Here's "providers", >>> I can post the other files as well on request: >>> >>> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS >>> loc 1 1 - eth0 192.168.0.1 track,balance=1 >>> iPredator 2 2 - tun0 - track,balance=2 >>> >> >> But you didn't make the change that I recommended to put 'balance' on >> iPredator and 'fallback' on 'loc'. >> > > Also, I think you want USE_DEFAULT_RT=Yes. I don't see how > USE_DEFAULT_RT=No can possiblly work here, since you have to be able to > route between the interfaces and both are provider interfaces. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > |