I need some help here. I'm setting up a point-to-point OpenVPN connection. Every configuration looks all right, but I've got one problem.

Here's the schema:

clients --- SERVER A ------ tunnel 1 (50.0.24.1) --- SERVER B (shorewall) --- tunnel 1 (50.0.24.2) --- clients (LAN)

PS: I don't have access to server A; the IT team there just sent me the OpenVPN configuration to make the tunnel.

From my Shorewall (gateway) I can ping *both tunnel addresses and local IPs* through the VPN connection.

From my *clients behind* my Shorewall, I can just ping tunnel 1 (50.0.24.2), but I can't ping the other side of the tunnel (50.0.24.1) or the other clients on that side.

Here are my confs:

*/etc/shorewall/interfaces*
vpn     tun+    detect

*/etc/shorewall/zones*
vpn     ipv4

*/etc/shorewall/tunnels*
openvpn:5024    net     0.0.0.0/0

*/etc/shorewall/policy*
loc     loc     ACCEPT
$FW     all     ACCEPT
vpn     all     ACCEPT
all     vpn     ACCEPT
net     all     DROP    ULOG
all     all     REJECT  ULOG

I don't think this is a problem with the OpenVPN configuration, because from my Shorewall I can reach the other side of the VPN. I guess it's just some detail in my rules.

Thanks in advance.

____________________________
Jonatas Baldin de Oliveira
IT Consultant

Hi.

Take a look at /etc/shorewall/masq and create a line that masqs your vpn with lan.

Best regards.

Emiliano Vazquez | PcCentro S.R.L.
Office: +54 (11) 4635-7764 ext. 4
Mobile: 15.6253.7165
Mail: emilianovazquez@gmail.com
Web: http://www.pccentro.com.ar

-----Original Message-----
From: Jonatas Baldin <jonatas.baldin@gmail.com>
Date: Mon, 17 Jun 2013 14:36:22
To: <shorewall-users@lists.sourceforge.net>
Reply-To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Subject: [Shorewall-users] Shorewall + OpenVPN

My LAN interface is *br0*, with the IP *130.0.0.254*.

What should I put in the file?

*/etc/shorewall/masq*
vpn     br0

Or should I put something else?

Thx.

2013/6/17 <emilianovazquez@gmail.com>
> Hi.
>
> Take a look at /etc/shorewall/masq and create a line that masqs your vpn
> with lan.
>
> Best regards.

--
____________________________
Jonatas Baldin de Oliveira
IT Consultant

Hey Emiliano,

I use this line:

*tun0 130.0.0.0/8*

That address is my LAN network, and it just works fine!

Thank you for the help!

2013/6/17 Emiliano Vazquez <emilianovazquez@gmail.com>
> On 17/06/13 14:55, Jonatas Baldin wrote:
> > My LAN interface is *br0*, with the IP *130.0.0.254*.
> >
> > What should I put in the file?
> >
> > */etc/shorewall/masq*
> > vpn     br0
> >
> > Or should I put something else?
> >
> > Thx.
>
> I have this.
>
> $ cat /etc/shorewall/masq
> #
> # Shorewall version 4.0 - Sample Masq file for two-interface configuration.
> # Copyright (C) 2006 by the Shorewall Team
> #
> # This library is free software; you can redistribute it and/or
> # modify it under the terms of the GNU Lesser General Public
> # License as published by the Free Software Foundation; either
> # version 2.1 of the License, or (at your option) any later version.
> #
> # See the file README.txt for further details.
> #------------------------------------------------------------------------------
> # For information about entries in this file, type "man shorewall-masq"
> ###############################################################################
> #INTERFACE   SOURCE            ADDRESS   PROTO   PORT(S)   IPSEC   MARK
> eth1         192.168.1.0/24
> tun0         192.168.1.0/24
>
> Good luck!
>
> --
> Emiliano Vazquez | PcCentro Informatica & CCTV
> Office: +54 (11) 4635-3218 and rotary lines
> Mobile: 011-15-6253-7165
> Mail: emilianovazquez@gmail.com
> Web: http://www.pccentro.com.ar

--
____________________________
Jonatas Baldin de Oliveira
IT Consultant
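
Why the masq entry makes the LAN clients reachable, as an added example that is not part of the original thread: it models which source address Server A sees and whether Server A can route the reply. Server A's routing table, the /30 tunnel subnet, the 10.99.0.0/24 network and the client 130.0.0.10 are assumptions made for illustration, since the poster had no access to Server A.

```python
import ipaddress

# Constructed model of the thread's topology. Server A's routes are an
# ASSUMPTION: it knows the tunnel subnet and its own LAN, but has no route
# back to the 130.0.0.0/8 LAN behind Shorewall.
TUNNEL_LOCAL = ipaddress.ip_address("50.0.24.2")  # Shorewall end of the tunnel
SERVER_A_ROUTES = [
    ipaddress.ip_network("50.0.24.0/30"),   # assumed tunnel subnet
    ipaddress.ip_network("10.99.0.0/24"),   # hypothetical LAN behind Server A
]

def parse_masq(text):
    """Parse masq lines into (outgoing_interface, source_network) pairs."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            rules.append((fields[0], ipaddress.ip_network(fields[1])))
        except ValueError:
            continue  # SOURCE given as an interface name; not modelled here
    return rules

def source_seen_by_peer(client_ip, out_iface, rules):
    """Source address on the packet after Shorewall forwards it out out_iface."""
    client = ipaddress.ip_address(client_ip)
    for iface, network in rules:
        if iface == out_iface and client in network:
            return TUNNEL_LOCAL  # masqueraded to the tunnel interface address
    return client                # forwarded with the original LAN address

def has_return_route(src):
    """True if Server A has a route for the address it must reply to."""
    return any(src in network for network in SERVER_A_ROUTES)

def ping_gets_reply(client_ip, masq_text=""):
    """Does a ping sent through tun0 get an answer from the far side?"""
    src = source_seen_by_peer(client_ip, "tun0", parse_masq(masq_text))
    return has_return_route(src)

if __name__ == "__main__":
    print("gateway itself    :", ping_gets_reply("50.0.24.2"))
    print("LAN client, no NAT:", ping_gets_reply("130.0.0.10"))
    print("LAN client, masq  :", ping_gets_reply("130.0.0.10", "tun0 130.0.0.0/8"))
```

On the real gateway, capturing on tun0 while a LAN client pings 50.0.24.1 shows which of the two source addresses is actually leaving the tunnel.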