Hi Tom and Martin, with your suggestions and documentation, I have set up OpenVPN on a Bering router to have one subnet-to-subnet tunnel (using UDP port 5000) and one road-warrior tunnel (using UDP port 5555 and Windows 2000).
Thank you very much. I would like to post what I did for the road-warrior part in case somebody wants a reference in the future.

My OpenVPN configuration files for the road warrior (using a pre-shared key) look like this:

On Bering:

    dev tun
    tun-mtu 1532
    # listen on this IP Address
    local 24.11.155.243
    port 5555
    ifconfig 172.16.0.1 172.16.0.2
    secret static.key
    persist-tun
    ping-restart 60
    ping-timer-rem
    persist-tun
    persist-key
    ping 10
    verb 3
    mute 10

On Windows 2000:

    port 5555
    remote 24.11.155.243
    tun-mtu 1500
    tun-mtu-extra 32
    dev tun
    ifconfig 172.16.0.2 172.16.0.1
    secret STATIC.KEY
    ping 10
    route 192.168.1.0 255.255.255.0 172.16.0.1
    verb 3

Here is what I have in the Shorewall config for one subnet-to-subnet tunnel and one road warrior.

/etc/shorewall/interfaces

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    #
    vpn     tun0
    vpn2    tun1

/etc/shorewall/tunnels

    # TYPE         ZONE   GATEWAY     GATEWAY
    #                                 ZONE
    openvpn:5000   net    0.0.0.0/0   vpn
    openvpn:5555   net    0.0.0.0/0   vpn2

/etc/shorewall/zones

    #ZONE   DISPLAY   COMMENTS
    vpn     VPN
    vpn2    VPN2

/etc/shorewall/policy

    #SOURCE   DEST   POLICY
    loc       vpn    ACCEPT
    vpn       loc    ACCEPT
    #
    loc       vpn2   ACCEPT
    vpn2      loc    ACCEPT
    #
    vpn       fw     ACCEPT
    fw        vpn    ACCEPT
    vpn2      fw     ACCEPT
    fw        vpn2   ACCEPT

--------

And I have to add the following rule explicitly to /etc/shorewall/rules

    ACCEPT   net   fw   udp   5555

to allow traffic on UDP port 5555. Tom, could you help me to understand why I need this rule here even though I have defined it in the 'tunnels' file?

M Lu.

----- Original Message -----
From: "Tom Eastep" <[EMAIL PROTECTED]>

> I'll look forward to receiving your update to the document (note that
> the document itself was contributed by Simon Mater).
>
> -Tom
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
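The post above gives both halves of a static-key point-to-point tunnel and then asks which firewall port the listening side needs opened. The script below is an added example, not code from the post, from OpenVPN or from Shorewall: it parses the two configuration texts exactly as posted (embedded inline), checks the invariants a static-key pair has to satisfy (both sides in 'secret' mode, the client dialling the server's 'local' address and port, mirrored 'ifconfig' endpoints), and derives the protocol and port the 'net' zone must be allowed to reach on 'fw'. The parser is deliberately simplified (one option per line, '#' comments, no config includes), and the MTU comparison (tun-mtu plus tun-mtu-extra) is this example's own heuristic, not OpenVPN's link-mtu check. Because OpenVPN's default port differed between 1.x and 2.x, a missing 'port' is reported as a finding rather than defaulted.

```python
from collections import defaultdict

# Both texts are copied from the post above (road-warrior, static-key mode).
BERING_CONF = """
dev tun
tun-mtu 1532
# listen on this IP Address
local 24.11.155.243
port 5555
ifconfig 172.16.0.1 172.16.0.2
secret static.key
persist-tun
ping-restart 60
ping-timer-rem
persist-tun
persist-key
ping 10
verb 3
mute 10
"""

WINDOWS_CONF = """
port 5555
remote 24.11.155.243
tun-mtu 1500
tun-mtu-extra 32
dev tun
ifconfig 172.16.0.2 172.16.0.1
secret STATIC.KEY
ping 10
route 192.168.1.0 255.255.255.0 172.16.0.1
verb 3
"""


def parse_openvpn(text):
    """Map each option name to the list of argument lists it was given
    (options such as 'route' may legitimately repeat).  Simplified parser:
    one option per line, '#' starts a comment, no 'config' includes."""
    opts = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        opts[name].append(args)
    return opts


def _arg(opts, name, index=0, default=None):
    """Argument <index> of the last occurrence of <name>, or <default>."""
    if name not in opts or len(opts[name][-1]) <= index:
        return default
    return opts[name][-1][index]


def required_firewall_port(server_opts):
    """(proto, port) that the firewall must accept from the net zone to 'fw'
    on the listening side.  OpenVPN speaks UDP unless 'proto' says tcp.
    The port is None when the config does not set one explicitly."""
    proto = _arg(server_opts, "proto", default="udp")
    proto = "tcp" if proto.startswith("tcp") else "udp"
    port = _arg(server_opts, "port")
    return (proto, int(port) if port else None)


def check_pair(server_text, client_text):
    """Return human-readable findings; an empty list means the two sides
    agree on every invariant this example checks."""
    s, c = parse_openvpn(server_text), parse_openvpn(client_text)
    findings = []

    # 1. static-key mode: both ends must name a pre-shared key file.
    if "secret" not in s or "secret" not in c:
        findings.append("secret: both sides need 'secret <keyfile>'")

    # 2. the client must dial the address and port the server listens on;
    #    'remote host port' on the client overrides its 'port' option.
    if _arg(c, "remote") != _arg(s, "local"):
        findings.append(f"remote {_arg(c, 'remote')} != local {_arg(s, 'local')}")
    sport = _arg(s, "port")
    cport = _arg(c, "remote", 1, _arg(c, "port"))
    if sport is None or sport != cport:
        findings.append(f"port mismatch: server {sport}, client {cport}")

    # 3. ifconfig endpoints must be mirror images of each other.
    s_if = s.get("ifconfig", [[]])[-1]
    c_if = c.get("ifconfig", [[]])[-1]
    if len(s_if) != 2 or len(c_if) != 2 or (s_if[0], s_if[1]) != (c_if[1], c_if[0]):
        findings.append(f"ifconfig not mirrored: server {s_if}, client {c_if}")

    # 4. MTU heuristic of this example (not OpenVPN's own check):
    #    tun-mtu + tun-mtu-extra should agree on both sides.
    def eff_mtu(o):
        return int(_arg(o, "tun-mtu", default="1500")) + int(_arg(o, "tun-mtu-extra", default="0"))
    if eff_mtu(s) != eff_mtu(c):
        findings.append(f"tun-mtu mismatch: server {eff_mtu(s)}, client {eff_mtu(c)}")

    return findings


if __name__ == "__main__":
    for f in check_pair(BERING_CONF, WINDOWS_CONF) or ["pair is consistent"]:
        print(f)
    proto, port = required_firewall_port(parse_openvpn(BERING_CONF))
    print(f"firewall must accept {proto} port {port} from net to fw")
```

Run as-is the pair from the post comes back consistent and the derived requirement is UDP 5555 from net to fw, which is exactly the rule the post had to add by hand; swapping the client's ifconfig arguments or changing one side's port produces a finding, which is the kind of mismatch that otherwise surfaces only as a tunnel that silently never comes up.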
