Hi guys,

I'm trying to set up a VPN (openvpn version 1.5.0) connection from my home
(ADSL, static IP) to my Office (Static IP).
Both networks have a leaf Bering machine as their firewalls, both running
shorewall 1.4.7c. I followed the guide at
http://www.shorewall.net/1.4/OPENVPN.html but I'm not 100% sure I have got
it right. I can get the openvpn side of things to connect but cannot ping
any machines on either side of the VPN from the firewall or internal
machines.

HOME internal LAN is 10.0.10.0/24
OFFICE internal LAN is 10.0.100.0/24

HOME Tunnel endpoint 192.168.0.1
OFFICE Tunnel endpoint 192.168.0.2

HOME Firewall IP: 202.52.33.145
OFFICE Firewall IP: 67.106.134.127

OFFICE:
/etc/shorewall/zones --> added 'vpn     VPN             VPN network'
/etc/shorewall/interfaces --> added 'vpn     tun0            10.0.10.255'
/etc/shorewall/policy --> added 'loc     vpn             ACCEPT' and 'vpn     loc             ACCEPT'
/etc/shorewall/tunnels --> added 'openvpn                 net             202.52.33.145'

openvpn.conf
dev tun
local 67.106.134.127
ifconfig 192.168.0.2 192.168.0.1
secret secret.key
verb 8


Restarted Shorewall no errors...
Start OpenVPN no errors..
Manually add the route: route add -net 10.0.10.0 netmask 255.255.255.0 gw 192.168.0.2

daemon.log
Apr  8 11:58:00 pyro openvpn[19238]: Current Parameter Settings:
Apr  8 11:58:00 pyro openvpn[19238]:   config = '/etc/openvpn/openvpn.conf'
<snip>
Apr  8 12:00:00 pyro openvpn[32333]: Expected Remote Options hash (VER=V3): '9af04bc6'
Apr  8 12:00:00 pyro openvpn[17555]: UDPv4 link local (bound): 67.106.134.127:5000
Apr  8 12:00:00 pyro openvpn[17555]: UDPv4 link remote: [undef]
Apr  8 12:01:46 pyro openvpn[17555]: UDPv4 READ [60] from 202.52.33.145:5000:  DATA len=60
Apr  8 12:01:46 pyro openvpn[17555]: Peer Connection Initiated with 202.52.33.145:5000
Apr  8 12:01:46 pyro openvpn[17555]: UDPv4 WRITE [188] to 202.52.33.145:5000:  DATA len=188
Apr  8 12:01:50 pyro openvpn[17555]: UDPv4 WRITE [60] to 202.52.33.145:5000:  DATA len=60

$ ip route
192.168.0.1 dev tun0  proto kernel  scope link  src 192.168.0.2
10.0.100.0/24 dev eth1  proto kernel  scope link  src 10.0.100.1
67.106.134.0/24 dev eth0  proto kernel  scope link  src 67.106.134.127
10.0.10.0/24 via 192.168.0.2 dev tun0  scope link
default via 67.106.134.1 dev eth0


HOME:
/etc/shorewall/zones --> added 'vpn     VPN             VPN network'
/etc/shorewall/interfaces --> added 'vpn     tun0            10.0.100.255'
/etc/shorewall/policy --> added 'loc     vpn             ACCEPT' and 'vpn     loc             ACCEPT'
/etc/shorewall/tunnels --> added 'openvpn                 net             67.106.134.127'

openvpn.conf
dev tun
local 202.52.33.145
remote 67.106.134.127
ifconfig 192.168.0.1 192.168.0.2
secret secret.key
verb 8

Restarted Shorewall no errors...
Start OpenVPN no errors..
Manually add the route: route add -net 10.0.100.0 netmask 255.255.255.0 gw 192.168.0.1

daemon.log
Apr  8 02:29:06 talon openvpn[16327]: Expected Remote Options hash (VER=V3): 'b700f892'
Apr  8 02:29:06 talon openvpn[18778]: UDPv4 link local (bound): 202.52.33.145:5000
Apr  8 02:29:06 talon openvpn[18778]: UDPv4 link remote: 67.106.134.127:5000
Apr  8 02:29:16 talon openvpn[18778]: UDPv4 WRITE [60] to 67.106.134.127:5000:  DATA len=60
Apr  8 02:29:16 talon openvpn[18778]: UDPv4 READ [188] from 67.106.134.127:5000:  DATA len=188
Apr  8 02:29:17 talon openvpn[18778]: Peer Connection Initiated with 67.106.134.127:5000
Apr  8 02:29:21 talon openvpn[18778]: UDPv4 READ [60] from 67.106.134.127:5000:  DATA len=60
Apr  8 02:29:21 talon openvpn[18778]: UDPv4 WRITE [188] to 67.106.134.127:5000:  DATA len=188

# ip route
192.168.0.2 dev tun0  proto kernel  scope link  src 192.168.0.1
172.31.31.9 dev ppp0  proto kernel  scope link  src 202.52.33.145
10.0.100.0/24 via 192.168.0.1 dev tun0  scope link
10.0.10.0/24 dev eth1  proto kernel  scope link  src 10.0.10.1
default via 172.31.31.9 dev ppp0

I try and ping the OFFICE endpoint from HOME firewall
# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
ping: sendto: Operation not permitted

HOME: shorewall.log
Apr  8 02:31:39 talon Shorewall:all2all:REJECT: IN= OUT=tun0 MAC=00:90:27:58:e2:dd:00:e0:7d:ba:cd:ee:08:00 SRC=192.168.0.1 DST=192.168.0.2 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=63440 DF PROTO=ICMP TYPE=8 CODE=0 ID=37959 SEQ=0

The above is in my HOME shorewall.log; I'm not sure how to fix this.
I'm sure my tunnels file is right. Any help would be much appreciated.

Regards
Adam.
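As an added illustration (not part of Adam's message and not Shorewall's own code), the small parser below reads a Shorewall/netfilter log line of the shape quoted above and reports which zone pair the packet fell into. Shorewall names the policy chain in the log prefix, so `Shorewall:all2all:REJECT:` means the packet was dropped by the generic all-to-all policy rather than by a zone-specific policy or rule, and an empty `IN=` means the packet was generated by the firewall itself (the `fw` zone), which the poster's `loc`/`vpn` policy entries do not cover. The `tun0 -> vpn` mapping comes from the `/etc/shorewall/interfaces` entry in the message; the `eth1 -> loc` and `eth0`/`ppp0 -> net` mappings are assumptions, as is the second, constructed sample line.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Interface -> zone map. "tun0": "vpn" is the entry the poster added to
# /etc/shorewall/interfaces; eth1 -> loc and eth0/ppp0 -> net are ASSUMED
# (a typical Bering layout; the message does not quote those lines).
IFACE_ZONES = {"tun0": "vpn", "eth1": "loc", "eth0": "net", "ppp0": "net"}
FW_ZONE = "fw"  # Shorewall's default name for the firewall zone itself

# Log prefix shape: "Shorewall:<chain>:<action>: IN=... OUT=... SRC=... DST=... PROTO=..."
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):\s*(?P<rest>.*)$")

# Sample 1 is the HOME shorewall.log line from the message, joined onto one line.
# Sample 2 is CONSTRUCTED to show the opposite direction (packet arriving on tun0
# addressed to the firewall, so OUT= is empty).
SAMPLE_LINES = [
    "Apr  8 02:31:39 talon Shorewall:all2all:REJECT: IN= OUT=tun0 "
    "MAC=00:90:27:58:e2:dd:00:e0:7d:ba:cd:ee:08:00 SRC=192.168.0.1 DST=192.168.0.2 "
    "LEN=84 TOS=00 PREC=0x00 TTL=64 ID=63440 DF PROTO=ICMP TYPE=8 CODE=0 ID=37959 SEQ=0",
    "Apr  8 02:31:45 talon Shorewall:all2all:REJECT: IN=tun0 OUT= "
    "SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=0 CODE=0",
]


@dataclass
class Verdict:
    chain: str
    action: str
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    proto: str
    finding: str


def _iface_zone(iface: str) -> str:
    # An empty IN= means the firewall generated the packet; an empty OUT= means
    # the packet was addressed to the firewall. Both belong to the fw zone.
    if iface == "":
        return FW_ZONE
    return IFACE_ZONES.get(iface, f"unknown({iface})")


def parse_shorewall_line(line: str) -> Optional[Verdict]:
    """Parse one Shorewall log line and explain which zone pair it hit."""
    m = LOG_RE.search(line)
    if m is None:
        return None  # not a Shorewall log line
    fields = {}
    for tok in m.group("rest").split():
        if "=" in tok:  # bare flags such as DF carry no value; skip them
            key, value = tok.split("=", 1)
            fields[key] = value
    chain, action = m.group("chain"), m.group("action")
    src_zone = _iface_zone(fields.get("IN", ""))
    dst_zone = _iface_zone(fields.get("OUT", ""))
    if chain == "all2all":
        # The generic policy chain only fires when no zone-specific policy or
        # rule matched this (source zone, destination zone) pair.
        finding = (f"no policy entry matched {src_zone}->{dst_zone}; the generic "
                   f"all2all policy applied {action}. A {src_zone} {dst_zone} policy "
                   f"or rule is needed if this traffic is wanted.")
    else:
        finding = f"{action} by chain {chain} for {src_zone}->{dst_zone}"
    return Verdict(chain, action, src_zone, dst_zone,
                   fields.get("SRC", "?"), fields.get("DST", "?"),
                   fields.get("PROTO", "?"), finding)


def diagnose(lines) -> list:
    """Return one Verdict per recognised Shorewall line, ignoring other syslog lines."""
    return [v for v in (parse_shorewall_line(l) for l in lines) if v is not None]


if __name__ == "__main__":
    for v in diagnose(SAMPLE_LINES):
        print(f"{v.proto} {v.src} -> {v.dst} [{v.src_zone}->{v.dst_zone}]: {v.finding}")
```

Run against the HOME log line, it reports the pair as `fw->vpn`, which matches the symptom: the `ping: sendto: Operation not permitted` error is what a local process sees when the OUTPUT chain rejects its packet, and the policy entries quoted cover only `loc`/`vpn`.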



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
