RE: [Openvpn-users] Re: Mystery of Openvpn


  • Subject: RE: [Openvpn-users] Re: Mystery of Openvpn
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Mon, 6 Dec 2004 18:02:12 -0500

Well, the short answer is yes. I am using a LEAF called Bering 1.2, and
yes I agree 2.4.20 is a bit long in the tooth, but 2.6 is a bit new. I
would like to wait until the stability of 2.6 is proven... I am sounding
like some kind of old woman even to myself, apologies for the politically
incorrect stmt.. ;-)

Anyway, the reason the answer is yes, is that I am using shorewall
(front end to iptables) with the following zones, interfaces, policies
and tunnels.
The below "should" work, but doesn't. The ACCEPT lines in the policy
should open ports 5000 but don't. Anybody have any ideas? >>> TIA, Rick.

/etc/shorewall/zones:
#zone display
net   Net
loc   Local 
vpn1 vpn-rw-ipsec
vpn3 wlan-openvpn

/etc/shorewall/interfaces
#zone interface
net	eth0
loc	eth1
vpn1	ipsec0
vpn3	tun0

/etc/shorewall/policy
loc	vpn1	ACCEPT
loc	vpn3	ACCEPT
vpn1	loc	ACCEPT
vpn3	loc	ACCEPT
net	all	DROP		ULOG
all	all	REJECT	ULOG

/etc/shorewall/tunnels
# TYPE		ZONE	GATEWAY	GATEWAY ZONE
ipsec			net	0.0.0.0/0	vpn1
openvpn		loc	192.168.1.3	vpn3


-----Original Message-----
From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ged Haywood
Sent: Monday, December 06, 2004 2:26 PM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] Re: Mystery of Openvpn

Hi there,

On Mon, 6 Dec 2004 Tibbs, Richard wrote:

> WINXP ---WLAN----Linux 2.4.20 firewall+openvpn ----DSLmodem --- Internet
> 192.168.1.3     192.168.1.254
>
> The symptom is that I cannot access any web page over the wireless while
> openvpn on either firewall or xp is up. The route tables look right to
> me, see below. But the log files on the firewall show some UDP
> operations fail.

Have you opened a port for OpenVPN on the firewall?

Have you put OpenVPN on the firewall itself?  There are those who
would argue that it's not best practice.  And kernel 2.4.20 is getting
a bit long in the tooth now, if you don't mind my saying so... :)

73,
Ged.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users