similar to: should I shape tun[N] or eth0 ?

breakdown of what iam doing ok i have access to 6 ips and i want to run all of them through my firewall ifconfig eth0 209.159.32.162 netmask 255.255.255.0 up ifconfig eth0:1 209.159.32.163 netmask 255.255.255.0 up that sets up the network card to have 2 address well in shorewall i tried to add eth0:1 to my interfaces well it says that Determining Zones... Zones: inet inet2 loc cust vpn1

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32,

Hi, I have multiple ppp interfaces that does not correspond to the same network usage. Do you know anything about trying to set definitively the ppp+ name ? or anything to adapt automagically iptables to the real network which is behind each ppp+ interface ? I''ve tooken a look into the IFNAME env var... but it doesn''t seems to work :c/ regards, -- BeTa

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

I have a firewall running Shorewall 1.3.13-1 from rpm on a redhat 7.3 box. The box has three nics assigned to zones loc net and dmz. We also have multiple vpn links accomplished via ssh tunnels, These links all come from dynamic IP addresses with known private subnets behind them. There are basically two types of networks these vpns connect, one with access to almost everything and one with

There is no concept of "client" or "server" in tinc. tinc is purely peer-to-peer. "ConnectTo" statements only indicate which node will attempt to establish the initial connection, but once the connection is established, direction does not matter. It is unclear from your message which node is responsible for which subnet. If X/32 truly belongs to C, then simply set

We''ve just upgraded to a new firewall machine, and a new version of Shorewall. We''re now on 2.04; previous version was 1.3.9b (!). So I''m pretty sure whatever problems we''re having are related to the big version jump. We''re using config files that exactly match our old (working) configuration (IOW, these are things which _were_ working on the old

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

Hí everybody, you have a nice day. I am configuring accounting in shorewall /etc/shorewall/accounting and the traffic between eth0 (local network)1, eth2(local network2) and eth3(local network3) <--> eth1(ip public network), works fine. I make the accounting because y want to control the remote vpn access(pptpd) throught shorewall. Which is the way to control vpn /ip/access in

Hello again, >From the point of view of a Red Hat *user*, the standardised way of doing things would be to have an /etc/sysconfig/tinc file containing something like: NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces) At initialization, each name should launch a separate tinc instance (a different VPN) tinc service should not start until the user adds at least

You’re talking about Layer 2 bridging by Tinc? The use case here is layer 3 routing, but anyway, thanks for your feedback. > On 1 May 2017, at 8:09 PM, LowEel <loweel at gmx.de> wrote: > > I cannot understand why you say the configuration for B will be tricky. > > If you select the switch mode, and some machine can initiate a > connection to some other machine, until

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

I have three ADSL lines that I''d like to use as one big pipe to the internet. The ADSL service works by establishing a pppoe connection (the ADSL "modem" is a bridge), and each pppoe interface gets its own IP address. This means I''d have to have 4 ethernet interfaces (3 for each of the ADSL modems and 1 for the LAN) in my gateway. I''d setup the gateway to NAT

Hellou I found a interesting problem with my tinc instalation: Log messages from main router. tinc.vpn1[1959]: tincd 1.0pre7 starting tinc.vpn1[1959]: /dev/tun is a Linux tun/tap device tinc.vpn1[1959]: Can't bind to 0.0.0.0 port 655/tcp: Permission denied tinc.vpn1[1959]: Unable to create any listening socket! tinc.vpn1[1959]: Unrecoverable error #cat

> I've been having troubles getting cross subnet browsing working in > existance with a WinNT domain master (hey, it's not my machine). > Basically what is happening is that I am trying to setup a VPN (which > shouldn't complicate things) that browsing will work across. The idea is > this: > > There is an office in my local city that I'm connecting San

Hi Ivo and Guus, We are writing a book on building VPNs for Linux and a part of it describes tinc. I wanted to make sure that your opinion, as tinc authors and developers, is reflected. First, let me ask a couple of technical questions. 1. If there are two hosts, foo and bar, that are to be connected via tinc, and each host should only have _one_ IP address (i.e. nmask is /32), would the

Hello list, I wish to report a problem with openvpn tunnels. Synopsis: Despite adding policies to the shorewall policy file, I have to add extra rules to allow the UDP port 5000 packets to get through. I have used no particular setup guide. I believe this problem goes away with shorewall 2.0.9, as I have implemented openvpn with that version on a different machine, and I see no UDP:5000 packet

Hello, I have an OpenVPN running on a system with Samba 3.0.9. However, with this setting (tun2 is my VPN device): interfaces = tun2, lo bind interfaces only = Yes it doesn't bind to tun2, but to ppp0. What the heck? Tomek

Hello Lars, Thanks for your feedback. Unfortunately I made an error in writing the network I expected to connect to. I meant 10.3.0.0/24 The one I wrote in fact was one network of the already established VPN. I have included full details of my relevant files below. Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate