similar to: Bug in 2.4.6

hey friends, I have installed OpenVPN 2.0.7 (i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006) on Centos4.0 through rpm (diag repository). The network scenario of my office is below Remote Client ----> Internet <-------> Cisco Pix Firewall (Gateway) <----> VPN Server & LAN Clients

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and one routed (for nailed

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 Problems Corrected: 1. The syntax of the add and delete command has been clarified in the help summary produced by /sbin/shorewall. New Features: 1. TCP OpenVPN tunnels are now supported using the ''openvpn'' tunnel type. OpenVPN

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

On Mon, 2004-12-13 at 11:03 -0800, Tom Eastep wrote: > On Mon, 2004-12-13 at 10:45 -0800, Tom Eastep wrote: > > On Mon, 2004-12-13 at 13:43 -0500, M Lu wrote: > > > Tom, can he specify openvpn twice in the tunnel file, e.g. > > > > > > openvpn:udp:5000 > > > openvpn:udp:5001 > > > > > > I think I had the problems with that so I use

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

The following systems will be down this weekend for server rebuild: shorewall.net lists.shorewall.net www1.shorewall.net ftp1.shorewall.net rsync.shorewall.net cvs.shorewall.net This will affect: Shorewall site and archive search Mailing list archives Mailing lists CVS Primary DNS for shorewall.net I will start the rebuild on Saturday morning and hope to be done by Saturday

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, I will be rebuilding my server. I expect the project to take most of the day. I will begin around 7AM PST (-0800). The server hosts the following sites: www1.shorewall.net (a.k.a. shorewall.net) ftp1.shorewall.net lists.shorewall.net rsync.shorewall.net Sorry for the inconvenience. - -Tom - -- Tom Eastep \ Nothing is foolproof

While I rebuild my server, shorewall.net is running on an old slow system. This affects: lists.shorewall.net shorewall.net ftp1.shorewall.net www1.shorewall.net I encourage you to avoid these systems until the new server is ready. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

A fix is available at http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5 If white space is included in LOGFORMAT then a startup error results. Either: a) Replace /usr/share/shorewall/compiler and /usr/share/shorewall/functions with the ''compiler'' and ''functions'' files from the errata/Shorewall/ sub-directory. b) Patch

http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ ftp://ftp1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ Coming soon to a Mirror near you. Problems corrected in 3.0.6 1) A typo in the output of "help drop" has been corrected. 2) Previously, ''shorewall start'' would fail in the presence of a network interface named ''inet''. 3)

Today I am having a new DSL line installed. Once the line is in and operational, I will be moving my local network from the old line to the new; I am expecting minimal down time (an hour or two) but as those of you who have been involved in such things know, there is no way of knowing what disasters are going to happen. Services impacted will be: http://shorewall.net (a.k.a.,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 Problems Corrected: 1) IP ranges in the routestopped and tunnels files now work. 2) Rules where an IP range appears in both the source and destination ~ now work correctly. 3) With complex proxy arp configurations involving two or

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one using the new

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=506 Summary: iptables-save aborts Product: iptables Version: 1.3.5 Platform: i386 OS/Version: Fedora Status: NEW Severity: normal Priority: P2 Component: iptables-save AssignedTo: laforge@netfilter.org ReportedBy: davidhart@tqmcube.com

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was