[Openvpn-users] OpenVPN on SuSE 8.0


  • Subject: [Openvpn-users] OpenVPN on SuSE 8.0
  • From: "Ernesto Baschny" <ernst@xxxxxxxxxx>
  • Date: Wed, 07 Aug 2002 02:08:42 +0200
  • Priority: normal

Hi!

Since SuSE uses slightly different standards (for /etc/init.d etc), I
created an RPM for openvpn that will work on SuSE 8.0 like a charm.

Those two RPMs are needed:

 http://www.baschny.de/linux/SuSE-8.0/RPMS/liblzo-1.08-6.i386.rpm
 http://www.baschny.de/linux/SuSE-8.0/RPMS/openvpn-1.3.1-11.i386.rpm

(none of these are included in SuSE 8.0's distribution).

The src.rpm can be found here:

 http://www.baschny.de/linux/SuSE-8.0/SRPMS/liblzo-1.08-6.src.rpm
 http://www.baschny.de/linux/SuSE-8.0/SRPMS/openvpn-1.3.1-11.src.rpm


If you care to use SuSEfirewall2, here are some tips with which I made
it work with OpenVPN:

In file /etc/sysconfig/SuSEfirewall2:

 FW_DEV_INT
    add "tun0" and other tunnel devices here

 FW_SERVICES_EXT_UDP
    add "5000" or whatever port your remote party connects to

 FW_ALLOW_INCOMING_HIGHPORTS_UDP
    add "5000" here too

 FW_FORWARD
    add these three rules here:
     <remote-tunnel-ip>/32,<local-network>/<cidr>
     <local-LAN>/<cidr>,<remote-tunnel-ip>/32
     <local-LAN>/<cidr>,<remote-LAN>/<cidr>
  (this is to allow connections to and from the remote tunnel to the
   local LAN and between both LANs).

 FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
     also add this line here

In file /etc/sysconfig/scripts/SuSEfirewall2-custom:
Add the following in the proc fw_custom_before_denyall:

    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A INPUT -i tap+ -j ACCEPT
    iptables -A FORWARD -i tap+ -j ACCEPT

Just call /sbin/SuSEfirewall2 when the tunnel is up (else it will not
find "tun0" interface :( ), maybe in your <tunnel>.up file.

I am not 100% sure if all of this is needed, since a lot of experimenting
went by until it worked. If you find out that one or two of these things
are not needed, just let us know!!

--
Ernesto Baschny <ernst@xxxxxxxxxx>
 http://www.baschny.de - PGP: http://www.baschny.de/pgp.txt
 Sao Paulo/Brasil - Stuttgart/Germany
 Ernst@IRCnet - ICQ# 2955403
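
Added example, not part of the original message or of SuSEfirewall2: a shell check that a sysconfig file carries the settings listed in the message. The function names, the defaults (port 5000, tun0) and the sample config with its addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a SuSEfirewall2 sysconfig
# file for the settings the message lists. Function names, defaults and the
# sample config are assumptions / constructed values.

# has_word NEEDLE WORD...: succeed if NEEDLE equals one of the remaining words.
has_word() {
    needle=$1; shift
    for w in "$@"; do [ "$w" = "$needle" ] && return 0; done
    return 1
}

# check_fw_config FILE [PORT] [DEV]
# Prints one "MISSING ..." line per absent setting; status 0 only if none.
# The file is sourced in a subshell, so audit only trusted, root-owned files.
check_fw_config() (
    file=$1 port=${2:-5000} dev=${3:-tun0} rc=0
    set -f                                  # no globbing while word-splitting
    . "$file" || exit 2
    miss() { echo "MISSING $1"; rc=1; }
    has_word "$dev"  $FW_DEV_INT          || miss "FW_DEV_INT: $dev"
    has_word "$port" $FW_SERVICES_EXT_UDP || miss "FW_SERVICES_EXT_UDP: $port"
    has_word "$port" $FW_ALLOW_INCOMING_HIGHPORTS_UDP ||
        miss "FW_ALLOW_INCOMING_HIGHPORTS_UDP: $port"
    [ -n "$FW_FORWARD" ] || miss "FW_FORWARD: no rules"
    for rule in $FW_FORWARD; do             # net/mask,net/mask as in the message
        case $rule in
            ?*/?*,?*/?*) ;;
            *) miss "FW_FORWARD: malformed rule $rule" ;;
        esac
    done
    [ "$FW_CUSTOMRULES" = /etc/sysconfig/scripts/SuSEfirewall2-custom ] ||
        miss "FW_CUSTOMRULES"
    exit "$rc"
)

# write_sample_config FILE: constructed sample (addresses are made up).
write_sample_config() {
    cat > "$1" <<'EOF'
FW_DEV_INT="eth1 tun0"
FW_SERVICES_EXT_UDP="5000"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="5000"
FW_FORWARD="10.8.0.2/32,192.168.1.0/24 192.168.1.0/24,10.8.0.2/32 192.168.1.0/24,192.168.2.0/24"
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
EOF
}
```

Run it as check_fw_config /etc/sysconfig/SuSEfirewall2, optionally followed by the UDP port and the tunnel device; it does not inspect the iptables lines in the custom rules script.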

