Shorewall users - Mar 2013 - Openvpn with routing to another inside Hard router

I have installed Openvpn 2.3.0 and Shorewall 4.5.4 and all is working fine.
Now, i have the next situation that y don`t know how to resolve.

 All my openvpn clients have access to 10.1.2.0 network but y have another
hardware firewall (IN interface 10.1.2.X OUT interface 192.168.3.X).

Here is my problem, i don''t know how to say vpn clients that to go for
192.168.3.X network, they have to go over 10.1.2.X).

 In my firewall i have the route

 192.168.3.0/24 via 10.1.2.230 dev eth7.

 I don''t knor if the solution is over openvpn or Shorewall.

 Some idea please??


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar

On 03/20/2013 02:39 PM, Javier Martinez wrote:
> I have installed Openvpn 2.3.0 and Shorewall 4.5.4 and all is working
> fine. Now, i have the next situation that y don`t know how to resolve.
> 
> All my openvpn clients have access to 10.1.2.0 network but y have
> another hardware firewall (IN interface 10.1.2.X OUT interface
> 192.168.3.X).
> 
> Here is my problem, i don''t know how to say vpn clients that to go
for
> 192.168.3.X network, they have to go over 10.1.2.X).
> 
> In my firewall i have the route
> 
> 192.168.3.0/24 <http://192.168.3.0/24> via 10.1.2.230 dev eth7.
> 
> I don''t knor if the solution is over openvpn or Shorewall.
> 
> Some idea please??
The solution is in OpenVPN. You must push a route to the OpenVPN clients.

In your OpenVPN .conf file, add:

push "route 192.168.3.0 255.255.255.0".

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar

Is necessary to write a policy in shorewall??? like road loc3 ACCEPT ???

2013/3/20 Tom Eastep <teastep@shorewall.net>
> On 03/20/2013 02:39 PM, Javier Martinez wrote:
> > I have installed Openvpn 2.3.0 and Shorewall 4.5.4 and all is working
> > fine. Now, i have the next situation that y don`t know how to resolve.
> >
> > All my openvpn clients have access to 10.1.2.0 network but y have
> > another hardware firewall (IN interface 10.1.2.X OUT interface
> > 192.168.3.X).
> >
> > Here is my problem, i don''t know how to say vpn clients that
to go for
> > 192.168.3.X network, they have to go over 10.1.2.X).
> >
> > In my firewall i have the route
> >
> > 192.168.3.0/24 <http://192.168.3.0/24> via 10.1.2.230 dev eth7.
> >
> > I don''t knor if the solution is over openvpn or Shorewall.
> >
> > Some idea please??
>
> The solution is in OpenVPN. You must push a route to the OpenVPN clients.
>
> In your OpenVPN .conf file, add:
>
> push "route 192.168.3.0 255.255.255.0".
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar

On 03/20/2013 03:08 PM, Javier Martinez wrote:
> Is necessary to write a policy in shorewall??? like road loc3 ACCEPT ???
> 
Yes -- if there isn''t already an ACCEPT policy that covers this
traffic.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar