RE: [leaf-user] new Mystery of openvpn

Tibbs, Richard Mon, 06 Dec 2004 13:09:16 -0800

Trying that now.
Will post back later...

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED] 
Sent: Monday, December 06, 2004 4:02 PM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] new Mystery of openvpn


Rick

Tibbs, Richard wrote:

>According to openvpn site/list opevpn 2.11beta or beyond will fix the
XP
>SP2 problems. I somewhat amazed that I see the packets from the fw to
>the winxp box being REJECTed by shorewall, despite the configs as
>follows:
>shorewall log:
>firewall Shorewall:all2all:REJECT: IN= OUT=tun0
>MAC=00:02:e3:12:7d:94:00:e0:b8:6d:1e:cd:08:00 SRC=192.168.1.254
>DST=192.168.1.3 LEN=88 TOS=00 PREC=0x00 TTL=64 ID=54059 DF PROTO=UDP
>SPT=5000 DPT=5000
>
>/etc/shorewall/zones:
>#zone display
>net   Net
>loc   Local 
>vpn1 vpn-rw-ipsec
>vpn3 wlan-openvpn
>
>/etc/shorewall/interfaces
>#zone interface
>net    eth0
>loc    eth1
>vpn1   ipsec0
>vpn3   tun0
>
>/etc/shorewall/policy
>loc    vpn1    ACCEPT
>loc    vpn3    ACCEPT
>vpn1   loc     ACCEPT
>vpn3   loc     ACCEPT
>net    all     DROP            ULOG
>all    all     REJECT  ULOG
>  
>
What about
fw   vpn3   ACCEPT
vpn3   fw   ACCEPT

cheers
Erich





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] new Mystery of openvpn

Reply via email to