Hi, 1) Did you check the shorewall-tunnels file? 2) Did you verify if openvpn is dropping the packet or iptables? 3) Did you add the policy on both nodes?
You can do the second by checking the openvpn.log file, and the shorewall.log file (assuming you've gotten ulogd installed). Also, one VPN tunnel is sufficient. You really don't need two. Please follow http://www.shorewall.net/OPENVPN.html for the openVPN setup. Also, if you still need help, please follow the steps provided at http://shorewall.net/support.htm That'll help us help you much better, Prasanna. On 12/24/06, roman <[EMAIL PROTECTED]> wrote: > hy again! > > thanks for your answer! > > > I'm fairly certain that you do need to setup some masquerading for this to > > work. > > AFAIK masquerading is only needed if one part of the network is not able to > address another directly (with its original IP), which should not be the case > here. So I still hope I can do this with routing (hence the different > subnets) instead of masquerading. > > > Also, why use two tunnels > > instead of just one? It seems like you could achieve the same results buts > > with just one tunnel. > > Yes it would be possible to do this with just one tunnel, but doing it with > two has some configuration advantages. This way each VPN server has to know > only how to reach its LAN (and push the corresponding route to its clients). > > But this two tunnel thingy is all based on the assumption that the way of the > pakets can be different in the two directions. I will however test it with > just one tunnel, though I think it should work with two too. > > I made a little sketch of the network layout as it is currently set up. It's > attached as PNG. > > Roman > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
