davenews@thebarnums.net
2005-Mar-13 02:37 UTC
Bridging Firewall with windows OpenVPN road warriors?
I have previously set up an openvpn LAN to LAN bridging VPN so I know a little about what has to happen. The gateways on either end were running older versions of shorewall that did not support openvpn directly so I just basically opened ports for it and used bridging with tap interfaces. I am no longer using that vpn link to the other house but now that I've upgraded I would like to use the openvpn features in shorewall.

I would like to set up some roadwarrior clients with the Windows Openvpn client [ http://openvpn.se/ ] and my linux/shorewall firewall on the other side. I would like to play games between the lan and the road warriors so it has to be able to do bridging. The examples I see in the documentation use tun interfaces. (tun = not bridging, correct?) So my question is could someone either point me to some documentation that will explain a bridging road warrior setup or give me a synopsis?
Tom Eastep
2005-Mar-13 03:48 UTC
Re: Bridging Firewall with windows OpenVPN road warriors?
davenews@thebarnums.net wrote:
> So my question is could someone either point me to some
> documentation that will explain a bridging road warrior setup or give me
> a synopsis?

If you read the following four articles, you will have all the information you need:

http://shorewall.net/bridge.html
http://shorewall.net/VPNBasics.html
http://shorewall.net/bridge.html
http://shorewall.net/SimpleBridge.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep
2005-Mar-13 04:03 UTC
Re: Bridging Firewall with windows OpenVPN road warriors?
Tom Eastep wrote:
> davenews@thebarnums.net wrote:
>
>> So my question is could someone either point me to some
>> documentation that will explain a bridging road warrior setup or give me
>> a synopsis?
>
> If you read the following four articles, you will have all the
> information you need:
>
> http://shorewall.net/bridge.html
> http://shorewall.net/VPNBasics.html
> http://shorewall.net/bridge.html
> http://shorewall.net/SimpleBridge.html
>

Sorry -- I duplicated one -- I meant to include:

http://shorewall.net/OPENVPN.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
davenews@thebarnums.net
2005-Mar-16 02:14 UTC
Re: Bridging Firewall with windows OpenVPN road warriors?
OK I have issues. The openvpn page there doesn't talk directly about tap devices, only tun, so I'm not 100% sure I'm doing things right. Basically I set up my server and start the openvpn service. I have my windows client on the internet and attempt to connect. It does connect successfully and gets authorized through the certificates BUT it doesn't get an ip address even though the server SEEMS to push it out.

RTue Mar 15 17:04:15 2005 us=618497 clientDaveB/69.242.1.x:4859 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar 15 17:04:15 2005 us=618800 clientDaveB/69.242.1.x:4859 SENT CONTROL [clientDaveB]: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,dhcp-option DNS 192.168.7.1,route-gateway 192.168.7.3,ping 10,ping-restart 120,ifconfig 192.168.7.230 255.255.255.0' (status=1)
WWWWRRRTue Mar 15 17:04:17 2005 us=977784 clientDaveB/69.242.1.152:4859 MULTI: Learn: 00:ff:15:8a:41:35 -> clientDaveB/69.242.1.x:4859
wRwWRwWRWR

But my windows openvpn client never gets an address. Any ideas? I will attach my configuration files.

config.ovpn = windows client
server.conf = linux server

I suppose it could be my fw configuration but I'm not so sure it is. I have eth0 as the outside interface. br0 is the addressed internal interface. Under that bridge is the internal physical interface eth1 and also tap0.

I have

    openvpn:tcp:1194 net 0.0.0.0/0

in shorewall/tunnels.

In /etc/shorewall/interfaces

    ...
    - br0 detect

in /etc/shorewall/hosts

    ...
    loc br0:eth1
    vpn br0:tap+ routeback

Tom Eastep wrote:
> Tom Eastep wrote:
>
>> davenews@thebarnums.net wrote:
>>
>>> So my question is could someone either point me to some
>>> documentation that will explain a bridging road warrior setup or give me
>>> a synopsis?
>>
>> If you read the following four articles, you will have all the
>> information you need:
>>
>> http://shorewall.net/bridge.html
>> http://shorewall.net/VPNBasics.html
>> http://shorewall.net/bridge.html
>> http://shorewall.net/SimpleBridge.html
>
> Sorry -- I duplicated one -- I meant to include:
>
> http://shorewall.net/OPENVPN.html
>
> -Tom
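Added example, not part of the original thread or of either poster's configuration: a small Python reader for the three server log lines quoted in the post above. It splits the PUSH_REPLY into its options and records which tap MAC addresses the server learned per client, so the server's half of the exchange can be checked line by line. The function names and verdict strings are hypothetical, and reading "status=1" as "the control message was handed to the control channel" is an assumption about OpenVPN's logging.

```python
import re

# Server log lines copied from the post above. At this verbosity OpenVPN
# prints R/W packet markers inline, so patterns must not anchor at line start.
SERVER_LOG = """\
RTue Mar 15 17:04:15 2005 us=618497 clientDaveB/69.242.1.x:4859 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar 15 17:04:15 2005 us=618800 clientDaveB/69.242.1.x:4859 SENT CONTROL [clientDaveB]: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,dhcp-option DNS 192.168.7.1,route-gateway 192.168.7.3,ping 10,ping-restart 120,ifconfig 192.168.7.230 255.255.255.0' (status=1)
WWWWRRRTue Mar 15 17:04:17 2005 us=977784 clientDaveB/69.242.1.152:4859 MULTI: Learn: 00:ff:15:8a:41:35 -> clientDaveB/69.242.1.x:4859
"""

PUSH_RE = re.compile(
    r"SENT CONTROL \[(?P<cn>[^\]]+)\]: 'PUSH_REPLY,(?P<opts>[^']*)' \(status=(?P<status>\d+)\)")
LEARN_RE = re.compile(
    r"MULTI: Learn: (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) -> (?P<cn>[^/\s]+)/")


def summarize(log_text):
    """Return {common_name: {"sent_ok", "options", "macs"}} from server log text."""
    clients = {}

    def entry(cn):
        return clients.setdefault(cn, {"sent_ok": False, "options": {}, "macs": []})

    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            e = entry(m["cn"])
            e["sent_ok"] = m["status"] == "1"   # assumption: 1 means sent
            for opt in m["opts"].split(","):
                name, _, args = opt.partition(" ")
                # Options such as "route" may repeat, so keep a list per name.
                e["options"].setdefault(name, []).append(args)
            continue
        m = LEARN_RE.search(line)
        if m:
            # In tap mode the server learns a MAC from a frame the client sent.
            entry(m["cn"])["macs"].append(m["mac"])
    return clients


def verdict(info):
    """Classify how far the server side got for one client."""
    if not info["sent_ok"] or "ifconfig" not in info["options"]:
        return "no-address-pushed"
    if not info["macs"]:
        return "pushed-no-tap-traffic"
    return "pushed-and-mac-learned"


if __name__ == "__main__":
    for cn, info in summarize(SERVER_LOG).items():
        print(cn, verdict(info), info["options"].get("ifconfig"), info["macs"])
```
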
Tom Eastep
2005-Mar-16 03:14 UTC
Re: Bridging Firewall with windows OpenVPN road warriors?
davenews@thebarnums.net wrote:
> OK I have issues. The openvpn page there doesn't talk directly about
> tap devices, only tun so i'm not 100 % sure i'm doing things right.
> Basically I set up my server and start the openvpn service. I have my
> windows client on the internet and attempt to connect.. It does connect
> successfully and gets authorized through the certificates BUT it doesn't
> get an ip address even though the server SEEMS to push it out.
>

Does this VPN setup work perfectly if you "shorewall clear"? If not, please don't post on this list again until it does.

If it works after a "shorewall clear" but doesn't after you "shorewall start" then please give us the SHOREWALL information that we ask for in http://shorewall.net/support.htm.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key