Hi, I'm using shorewall 4.5.21.5 (on F20, FWIW, but that probably doesn't matter much). I have OpenVPN on my shorewall-protected router with a number of remote connections (that all connect to me as they are all effectively road warriors with dynamic IPs). I've added zone entries as such: vpn1 ipv4 vpn2 ipv4 vpn3 ipv4 vpn4 ipv4 vpn5 ipv4 vpn6 ipv4 vpn7 ipv4 and then interfaces as such: vpn1 tun0 vpn2 tun0 vpn3 tun0 vpn4 tun0 vpn5 tun0 vpn6 tun0 vpn7 tun0 That yields an error about duplicate interfaces (tun0) in the interfaces file. I actually used to have: - tun0 in my interfaces file on previous versions of this configuration and shorewall but that seems to emit warnings about empty zones when I try to install it and missing "loc2vpn$n" chains where I specify what my local subnet is allowed to do on the VPN subnets. I did look at http://shorewall.net/OPENVPN.html but I didn't see anything there about how to handle the case of multiple OpenVPN clients where you want to put them into different zones because they have different rules. Any ideas? Cheers, b. ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems