According to openvpn site/list opevpn 2.11beta or beyond will fix the XP SP2 problems. I somewhat amazed that I see the packets from the fw to the winxp box being REJECTed by shorewall, despite the configs as follows: shorewall log: firewall Shorewall:all2all:REJECT: IN= OUT=tun0 MAC=00:02:e3:12:7d:94:00:e0:b8:6d:1e:cd:08:00 SRC=192.168.1.254 DST=192.168.1.3 LEN=88 TOS=00 PREC=0x00 TTL=64 ID=54059 DF PROTO=UDP SPT=5000 DPT=5000
/etc/shorewall/zones: #zone display net Net loc Local vpn1 vpn-rw-ipsec vpn3 wlan-openvpn /etc/shorewall/interfaces #zone interface net eth0 loc eth1 vpn1 ipsec0 vpn3 tun0 /etc/shorewall/policy loc vpn1 ACCEPT loc vpn3 ACCEPT vpn1 loc ACCEPT vpn3 loc ACCEPT net all DROP ULOG all all REJECT ULOG /etc/shorewall/tunnels # TYPE ZONE GATEWAY GATEWAY ZONE ipsec net 0.0.0.0/0 vpn1 openvpn loc 192.168.1.3 vpn3 What is wrong with this?? Rick. -----Original Message----- From: Martin Hejl [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 1:04 PM To: Tibbs, Richard Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] new Mystery of openvpn Hi Richard, Tibbs, Richard wrote: > > Dear list. > Although I have a p2p tunnel up between linux, and WinXP started, there > are some strange things happening. I have segments of configs and log > files for each system. It looks like this: > WINXP ---WLAN----Bering 2.4.20 firewall+openvpn ----DSLmodem --- > Internet > 192.168.1.3 192.168.1.254 > > The symptom is that I cannot access any web page over the wireless while > openvpn on either firewall or xp is up. The route tables look right to > me, see below. But the log files on the firewall show some UDP > operations fail. Since there's an XP box involved, I'll go for the "usual suspect" - is there a chance you're running XP SP2 with the firewall enabled, and the firewall on the XP box is blocking the traffic? Just an idea Martin ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
