similar to: small issue with eth0:1

I have a firewall running Shorewall 1.3.13-1 from rpm on a redhat 7.3 box. The box has three nics assigned to zones loc net and dmz. We also have multiple vpn links accomplished via ssh tunnels, These links all come from dynamic IP addresses with known private subnets behind them. There are basically two types of networks these vpns connect, one with access to almost everything and one with

Hello again, >From the point of view of a Red Hat *user*, the standardised way of doing things would be to have an /etc/sysconfig/tinc file containing something like: NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces) At initialization, each name should launch a separate tinc instance (a different VPN) tinc service should not start until the user adds at least

Hello list, I wish to report a problem with openvpn tunnels. Synopsis: Despite adding policies to the shorewall policy file, I have to add extra rules to allow the UDP port 5000 packets to get through. I have used no particular setup guide. I believe this problem goes away with shorewall 2.0.9, as I have implemented openvpn with that version on a different machine, and I see no UDP:5000 packet

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32,

Greetings, me again. I''m starting to feel miff now. If I have a few vpn tunnels with different tun interfaces. And all this tunnel traffic is coming in on my eth0 interface, it also leave via eth0 again. I would like to share the available bandwidth evenly with tunnel clients. Would applying the bandwidth rule on eth0 with htb & sfq work for sharing the bandwidth or will

Hi, I have multiple ppp interfaces that does not correspond to the same network usage. Do you know anything about trying to set definitively the ppp+ name ? or anything to adapt automagically iptables to the real network which is behind each ppp+ interface ? I''ve tooken a look into the IFNAME env var... but it doesn''t seems to work :c/ regards, -- BeTa

1 small question i have 4 network cards on my firewall eth0 inet eth1 internel network eth2 customer network eth3 freeswan vpn is there a way that i can connect the eth2 and eth1 network together so that i can access the servers off eth1 from eth2? Marshal McInnis Tech / Web Designs 1-205-344-4455 Ext 208

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

There is no concept of "client" or "server" in tinc. tinc is purely peer-to-peer. "ConnectTo" statements only indicate which node will attempt to establish the initial connection, but once the connection is established, direction does not matter. It is unclear from your message which node is responsible for which subnet. If X/32 truly belongs to C, then simply set

I am trying shorewall as my previous post With alisias on eth1 loc and 4 pptp client vpns. The odd thing is when I enter one of the vpns in interfaces such as vpn1 it works. But if I enter the vpn in the hosts file shorewall blocks the vpns. shorewall/hosts #ZONE HOST(S) OPTIONS loc eth1:192.168.25.0/24 loctw eth1:192.168.50.0/24 locsa eth1:192.168.75.0/24 vpntw

We''ve just upgraded to a new firewall machine, and a new version of Shorewall. We''re now on 2.04; previous version was 1.3.9b (!). So I''m pretty sure whatever problems we''re having are related to the big version jump. We''re using config files that exactly match our old (working) configuration (IOW, these are things which _were_ working on the old

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

Hí everybody, you have a nice day. I am configuring accounting in shorewall /etc/shorewall/accounting and the traffic between eth0 (local network)1, eth2(local network2) and eth3(local network3) <--> eth1(ip public network), works fine. I make the accounting because y want to control the remote vpn access(pptpd) throught shorewall. Which is the way to control vpn /ip/access in

You’re talking about Layer 2 bridging by Tinc? The use case here is layer 3 routing, but anyway, thanks for your feedback. > On 1 May 2017, at 8:09 PM, LowEel <loweel at gmx.de> wrote: > > I cannot understand why you say the configuration for B will be tricky. > > If you select the switch mode, and some machine can initiate a > connection to some other machine, until

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

on i have a small question we have a linux box with a windows 2003 server well we natted all the ports and mail is working remote desktop is working web is working the only thing that does not work is vpn how can i foward vpn traffic to this server i checked the site and searched for foward vpn and got nothen can somone please enlight me where to start Marshal McInnis Tech / Web

> I've been having troubles getting cross subnet browsing working in > existance with a WinNT domain master (hey, it's not my machine). > Basically what is happening is that I am trying to setup a VPN (which > shouldn't complicate things) that browsing will work across. The idea is > this: > > There is an office in my local city that I'm connecting San

We have a Mediatrix 1102 hooked into the network. Both of the attached analog phones and all of their features work, but in the CLI we keep getting "-- Got SIP response 481 "Transaction Does Not Exist" back from XXX.XXX.XXX.XXX " (Where XXX is the IP address of the Mediatrix ) every few minutes. I have changed most of the settings in the sip.conf multiple times and have done

For outgoing calls made on our PRI circuit we are setting the Caller ID using the format Exten => _9XXXXXXX,1,SetCallerID(1601XXXXXXX) The monitor shows that the CallerID is being set to the specified number, but yet when the call is received on the user end the ID is always the base number of our DID. For example we have 8600-8650 as DID's but the callerid is always 8600 regardless of