On 3/18/20 1:52 PM, Andrey Andreev wrote:
> I follow the instructions (see attached screenshot) in
> https://shorewall.org/IPSEC.htm
You should be using https://shorewall.org/IPSEC-2.6.html.
> /etc/shorewall/masq - System A #INTERFACESO
-Original Message-
From: Tom Eastep
Sent: Wednesday, March 18, 2020 10:31 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall settings for IPSec & openVPN
On 3/18/20 1:13 PM, Andrey Andreev wrote:
am beginning to get it, it is the waterfall situation
On 3/18/20 1:13 PM, Andrey Andreev wrote:
> am beginning to get it, it is the waterfall situation. So I have to
> exchange lines order to:
>
> /etc/shorewall/snat
> SNAT(!9.9.9.9) 12.12.12.12/29 enp2s0 # exclude IPSec traffic:
> 9.9.9.9
> SNAT(11.11.11.11) 0.0.0.0/0 enp2s0 # local
-Original Message-
From: Tom Eastep
Sent: Wednesday, March 18, 2020 9:28 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall settings for IPSec & openVPN
On 3/18/2020 11:34 AM, Andrey Andreev wrote:
Done. Uncommented line is:
SNAT(!10.30.14.17)1
On 3/18/2020 11:34 AM, Andrey Andreev wrote:
> Done. Uncommented line is:
> SNAT(!10.30.14.17) 192.168.126.200/29 enp2s0 # exclude IPSec
> traffic
>
> 10.30.14.17 - LAN IP of the far end IPSec server, behind NAT
> 192.168.126.200/29 - LAN IP range behind my IPSec server
>
-Original Message-
From: Tom Eastep
Sent: Wednesday, March 18, 2020 8:25 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall settings for IPSec & openVPN
On 3/18/2020 11:01 AM, Andrey Andreev wrote:
As I have explained, shorewall does not start with
On 3/18/2020 11:01 AM, Andrey Andreev wrote:
> As I have explained, shorewall does not start with this line in SNAT
> unhashed. The error shown with 'systemctl shorewall status' after
> unsuccessful shorewall restart is something like:
> cannot start, unrecognized record in /etc/shorewall/snat
-Original Message-
From: Tom Eastep
Sent: Wednesday, March 18, 2020 7:03 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall settings for IPSec & openVPN
On 3/17/2020 11:24 PM, Andrey Andreev wrote:
Here is the output, no IPs in it to hide:
[ro
Thank you Tom!
On Wed, 18 March 2020 at 18:07, Tom Eastep wrote:
>
> On 3/18/2020 3:28 AM, Kevin Olbrich wrote:
> > Hi!
> >
> > I've noticed an issue with shorewall6 in shared mode.
> > My ipv4 firewall is working fine:
> >
> > rules:
> > ACCEPT all:9.9.9.9 fw udp 161
On 3/18/2020 10:05 AM, Witold Tosta wrote:
> On 2020.03.18 at 17:49, Matt Darfeuille wrote:
>>
>> It would be good if you could try it and if it works for you and
>> report back if you have issue(s).
>>
>>
> The solution suggested by Bob regarding the tls-auth OpenVPN option
> fully solves the p
On 2020.03.18 at 17:49, Matt Darfeuille wrote:
It would be good if you could try it and if it works for you and
report back if you have issue(s).
The solution suggested by Bob regarding the tls-auth OpenVPN option
fully solves the problem of security of authorization of incoming
connect
On 3/18/2020 3:28 AM, Kevin Olbrich wrote:
> Hi!
>
> I've noticed an issue with shorewall6 in shared mode.
> My ipv4 firewall is working fine:
>
> rules:
> ACCEPT all:9.9.9.9 fw udp 161
>
> shorewall6 complains:
> ERROR: Unknown Host (9.9.9.9) /etc/shorewall/rules (line 6
On 3/17/2020 11:24 PM, Andrey Andreev wrote:
>
> Here is the output, no IPs in it to hide:
>
> [root@server ~]# shorewall check -T
> Checking using Shorewall 5.2.2...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Checking /etc/shore
On 2020.03.18 at 17:39, Robert K Coffman Jr. -Info From Data Corp. wrote:
Not an answer to your question, but a suggestion.
Use tls-auth in your OpenVPN configuration.
https://openvpn.net/community-resources/hardening-openvpn-security/
Any packet not signed will just get dropped. Seems a l
On 3/18/2020 5:23 PM, Witold Tosta wrote:
Is it possible to filter incoming connections using the GeoIP module for
the OpenVPN gateway located on the Linux Shorewall router?
From what I noticed, the entry in the /etc/shorewall/tunnels file:
#TYPE ZONE GATEWAY G
Not an answer to your question, but a suggestion.
Use tls-auth in your OpenVPN configuration.
https://openvpn.net/community-resources/hardening-openvpn-security/
Any packet not signed will just get dropped. Seems a lot easier to manage.
- Bob
On 3/18/2020 12:23 PM, Witold Tosta wrote:
Is it
Is it possible to filter incoming connections using the GeoIP module for
the OpenVPN gateway located on the Linux Shorewall router?
From what I noticed, the entry in the /etc/shorewall/tunnels file:
#TYPE ZONE GATEWAY GATEWAY_ZONE
openvpnserver: 1194 net
Hi!
I've noticed an issue with shorewall6 in shared mode.
My ipv4 firewall is working fine:
rules:
ACCEPT all:9.9.9.9 fw udp 161
shorewall6 complains:
ERROR: Unknown Host (9.9.9.9) /etc/shorewall/rules (line 62)
Obvious what happens here but do I need to wrap all my v4 r