Roman
2005-Nov-15 17:44 UTC
Resent: Problems with setting up openvpn/shorewall on my router box
And hi again! The original message was too big - so I gzipped the files ...

Hi!

I try to set up openvpn on my router/firewall box - I basically use the road-warrior setup from http://www.shorewall.net/OPENVPN.html. For testing I try to establish a tunnel over my LAN...

server -> 192.168.0.127
client -> 192.168.0.5

I have no problem creating the connections - openvpn is running cleanly on both systems ... the server gets the address 192.168.254.1 and the client 192.168.254.6 - I'm able to ping the client from the router box but the client cannot reach the router for an unknown reason...

Now I try to find out what the problem is and how to solve it. I'd be glad if I could count on your help with clearing this up.

The routing table on the client looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.254.5   *               255.255.255.255 UH    0      0        0 tun0
localnet        *               255.255.255.0   U     0      0        0 eth0
192.168.254.0   192.168.254.5   255.255.255.0   UG    0      0        0 tun0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.127   0.0.0.0         UG    1      0        0 eth0

The logs and configs are attached. Oh, I forgot to say that the client doesn't have any firewall.

Thanks in advance for every suggestion
Roman

PS: please delete the previous mail ...
Tom Eastep
2005-Nov-15 17:50 UTC
Re: Resent: Problems with setting up openvpn/shorewall on my router box
On Tuesday 15 November 2005 09:44, Roman wrote:
> The logs and configs are attached. Oh, I forgot to say that the client
> doesn't have any firewall.

In Shorewall, you haven't enabled traffic from the remote client to the firewall.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Roman
2005-Nov-15 18:09 UTC
Re: Resent: Problems with setting up openvpn/shorewall on my router box
Tom Eastep wrote:
> On Tuesday 15 November 2005 09:44, Roman wrote:
>> The logs and configs are attached. Oh, I forgot to say that the client
>> doesn't have any firewall.
>
> In Shorewall, you haven't enabled traffic from the remote client to the
> firewall.
>
> -Tom

Haven't I? I have a policy: road fw ACCEPT - seems that this doesn't work?
Tom Eastep
2005-Nov-15 18:21 UTC
Re: Resent: Problems with setting up openvpn/shorewall on my router box
On Tuesday 15 November 2005 10:09, Roman wrote:
> Tom Eastep wrote:
> > On Tuesday 15 November 2005 09:44, Roman wrote:
> > > The logs and configs are attached. Oh, I forgot to say that the client
> > > doesn't have any firewall.
> >
> > In Shorewall, you haven't enabled traffic from the remote client to the
> > firewall.
> >
> > -Tom
>
> Haven't I? I have a policy: road fw ACCEPT - seems that this doesn't work?

Do you have it after the all all Reject policy? Here's the tun+ input chain:

Chain tun_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   31  2466 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
   51  4092 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

That indicates that the road->fw policy is the all->all policy. Plus there is no 'road2fw' chain in your configuration.

-Tom
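
Added example, not part of the thread or of Shorewall itself: Shorewall reads the policy file top to bottom and uses the first entry that matches, so a `road fw ACCEPT` line placed after `all all REJECT` never takes effect. The sketch below flags such shadowed entries. The two sample policy files are constructed, the zone names `loc` and `net` are assumptions, and matching is simplified to exact zone names plus `all`.

```python
# Added example: report Shorewall policy entries that an earlier entry shadows.
# Simplification (assumption): a field matches only an identical zone name or "all".

def parse_policy(text):
    """Return (lineno, source, dest, policy) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected SOURCE DEST POLICY")
        entries.append((lineno, fields[0], fields[1], fields[2]))
    return entries

def covers(pattern, zone):
    """True if a policy field written as `pattern` matches `zone`."""
    return pattern == "all" or pattern == zone

def shadowed(entries):
    """Entries that can never apply because an earlier entry matches first."""
    hits = []
    for i, (lineno, src, dst, pol) in enumerate(entries):
        for e_lineno, e_src, e_dst, _ in entries[:i]:
            if covers(e_src, src) and covers(e_dst, dst):
                hits.append((lineno, f"{src} {dst} {pol}", e_lineno))
                break
    return hits

# Constructed sample: the specific policy sits below the catch-all.
BROKEN = """\
# SOURCE  DEST  POLICY  LOG
loc       net   ACCEPT
all       all   REJECT  info
road      fw    ACCEPT
"""

# Constructed sample: same entries, catch-all moved to the end.
FIXED = """\
# SOURCE  DEST  POLICY  LOG
loc       net   ACCEPT
road      fw    ACCEPT
all       all   REJECT  info
"""

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for lineno, entry, by in shadowed(parse_policy(text)):
            print(f"{name}: line {lineno} '{entry}' is shadowed by line {by}")
```
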