When using shorewall with a road warrior openvpn setup, how can I get the tun interface to masq through a lan interface?

Example Setup:

Machine A (tun0 10.0.0.1) -----------VPN---------(tun0 10.0.0.2)---------Machine B(10.10.10.1)

When I ping Machine B from Machine B, Machine B is receiving the echo request, but it doesn't know the route back to the 10.0.0.0/24, and there isn't a gateway to store routing tables, nor is it easy to add routes on Machine B because there are about 30 of them.

I'm trying to use masq to do this with

eth1 tun0

but I get a warning:
"Using an interface as the masq SOURCE requires the interface to be up and configured when Shorewall starts/restarts..."

The interface is up, and configured, however it doesn't seem to be doing a dnat.

Sorry Tom.. I guess I was getting a bit tired because masq is working this morning. Still seeing the warning, but I remember seeing an interface option (like optional) that I can pass so I'll figure that out.

Thanks

On Thu, Sep 5, 2013 at 11:18 PM, johnny bowen <jbowen7@gmail.com> wrote:
> When using shorewall with a road warrior openvpn setup, how can I get the
> tun interface to masq through a lan interface?
>
> Example Setup:
>
> Machine A (tun0 10.0.0.1) -----------VPN---------(tun0
> 10.0.0.2)---------Machine B(10.10.10.1)
>
> When I ping Machine B from Machine B, Machine B is receiving the echo
> request, but it doesn't know the route back to the 10.0.0.0/24, and there
> isn't a gateway to store routing tables, nor is it easy to add routes on
> Machine B because there are about 30 of them.
>
> I'm trying to use masq to do this with
>
> eth1 tun0
>
> but I get a warning:
> "Using an interface as the masq SOURCE requires the interface to be up and
> configured when Shorewall starts/restarts..."
>
> The interface is up, and configured, however it doesn't seem to be doing
> a dnat.

On 9/6/2013 12:33 PM, johnny bowen wrote:
> Sorry Tom.. I guess I was getting a bit tired because masq is working
> this morning. Still seeing the warning, but I remember seeing an
> interface option (like optional) that I can pass so I'll figure that out.
>

Johnny,

Replace the interface name in the SOURCE column with the related IP subnet(s). That will eliminate that warning.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________

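A check that follows from Tom's reply, added here as an example (it is not from the thread or from the Shorewall project): it lists the entries of a masq file whose SOURCE column holds an interface name rather than an address or subnet. The sample file is constructed from the poster's `eth1 tun0` entry and the 10.0.0.0/24 VPN subnet mentioned above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find masq entries that use an interface name as SOURCE,
# which is what triggers the warning discussed in this thread.

# Print "LINE INTERFACE SOURCE" for every entry in the masq file "$1" whose
# SOURCE column is not made up of IPv4 addresses or subnets.
masq_iface_sources() {
    awk '
        /^[ \t]*(#|\?|$)/ { next }       # comments, directives, blank lines
        NF < 2            { next }       # entry without a SOURCE column
        {
            src = $2
            sub(/!.*/, "", src)          # ignore a trailing exclusion list
            n = split(src, parts, ",")
            for (i = 1; i <= n; i++) {
                if (parts[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
                    print NR, $1, $2     # not an address: an interface name
                    break
                }
            }
        }
    ' "$1"
}

# Constructed sample: the entry from the original post, followed by the
# subnet form that Tom recommends (10.0.0.0/24 is the VPN subnet).
write_sample_masq() {
    cat > "$1" <<'EOF'
#INTERFACE   SOURCE
eth1         tun0
eth1         10.0.0.0/24
EOF
}

sample=$(mktemp)
write_sample_masq "$sample"
masq_iface_sources "$sample"
rm -f "$sample"
```

Only the `eth1 tun0` line is reported; the subnet form passes, and it does not depend on tun0 being up when Shorewall starts.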
Thanks Tom,

Works exactly the way I wanted now.

On Sep 6, 2013 2:32 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
> On 9/6/2013 12:33 PM, johnny bowen wrote:
> > Sorry Tom.. I guess I was getting a bit tired because masq is working
> > this morning. Still seeing the warning, but I remember seeing an
> > interface option (like optional) that I can pass so I'll figure that out.
> >
>
> Johnny,
>
> Replace the interface name in the SOURCE column with the related IP
> subnet(s). That will eliminate that warning.
>
> -Tom
> --
> Tom Eastep           \ When I die, I want to go like my Grandfather who
> Shoreline,           \ died peacefully in his sleep. Not screaming like
> Washington, USA      \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users