On Wed, 2007-02-07 at 20:32 -0800, Tom Eastep wrote:

> OTOH, I challenge you to give us a good reason for replicating your tun0
> route in multiple tables rather than simply using the single copy of
> that route that is automatically added to the main table by OpenVPN.
OK.
1. I start shorewall (no openvpn yet) and provider specific routing
   tables are copied from main.
2. Now I start openvpn, which adds a route to the main table for
   the other end of the tunnel:
   * 10.75.23.0/24 via 10.33.66.2 dev tun0
3. Now traffic starts flowing to 10.75.23.1
   I. First packet in the connection will use the main routing
      table and be routed to the remote correctly
   II. Remote will send back its reply in that connection and
       its arrival will mark the packet and connection
       according to the provider it's received on
   III. Local will send its second packet to remote but since
        it's on the connection marked for the provider it will
        be routed via the provider's table (which does not have
        the route added in step 2) and it will end up going via
        the default route rather than the tun0 route.

That is how I understand it, and what my debugging has led me to
believe. I think my supposition is correct because I can fix the above
situation by adding the route that was added in step 2 to the provider
tables.
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
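The failure mode Brian describes above (OpenVPN adds the tun0 route only to the main table, while connections marked for a provider are routed by that provider's copy of the table, which was taken before the tunnel came up) can be checked and repaired mechanically. The script below is an added example for this thread, not code from Shorewall, OpenVPN or either poster: it parses `ip route show`-style output, reports which tun0 routes a provider table is missing relative to main, and emits the `ip route` commands that replicate them. The provider table names `isp1`/`isp2`, the `192.0.2.x` addresses and the sample route listings are constructed for illustration; only the `10.75.23.0/24 via 10.33.66.2 dev tun0` route is taken from the message.

```shell
#!/bin/sh
# Added example (not from the Shorewall thread): replicate the routes that
# OpenVPN installed on tun0 in the main table into each Shorewall provider
# table, and report which provider tables lack them.

# Constructed sample: what `ip route show table main` might print after
# OpenVPN has brought up tun0. The tun0 route to 10.75.23.0/24 is the one
# from the message; the eth0/192.0.2.x lines are made up for the example.
SAMPLE_MAIN='default via 192.0.2.1 dev eth0
10.75.23.0/24 via 10.33.66.2 dev tun0
10.33.66.0/30 dev tun0 proto kernel scope link src 10.33.66.1'

# Constructed sample: a provider table as Shorewall copied it from main
# before OpenVPN started, so it has no tun0 routes at all.
SAMPLE_ISP1='default via 192.0.2.1 dev eth0'

# Print the routes for device $3 that exist in the main-table listing $1
# but not in the provider-table listing $2 (one route per line, verbatim).
missing_routes() {
    main_routes=$1; tbl_routes=$2; dev=$3
    printf '%s\n' "$main_routes" | while read -r line; do
        # Keep only routes that leave via the tunnel device.
        case " $line " in *" dev $dev "*) ;; *) continue ;; esac
        printf '%s\n' "$tbl_routes" | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

# Print the `ip route replace` commands that copy every dev-$2 route from
# the main-table listing $1 into each provider table named in $3... .
# `replace` rather than `add` keeps the script idempotent when re-run from
# an OpenVPN route-up hook.
replicate_cmds() {
    main_routes=$1; dev=$2; shift 2
    printf '%s\n' "$main_routes" | while read -r line; do
        case " $line " in *" dev $dev "*) ;; *) continue ;; esac
        for tbl in "$@"; do
            printf 'ip route replace %s table %s\n' "$line" "$tbl"
        done
    done
}

# Demonstration on the constructed samples (no root needed, nothing is
# changed on the host).
echo "tun0 routes missing from table isp1:"
missing_routes "$SAMPLE_MAIN" "$SAMPLE_ISP1" tun0
echo "commands that would fix isp1 and isp2:"
replicate_cmds "$SAMPLE_MAIN" tun0 isp1 isp2

# Real use (requires root; assumed table names): feed the live main table
# in and pipe the generated commands to a shell, e.g. from route-up:
#   replicate_cmds "$(ip route show table main)" tun0 isp1 isp2 | sh
```

Running the check before and after the tunnel comes up shows exactly the gap in step III above: the provider table has no route to 10.75.23.0/24, so a marked connection falls through to that table's default route instead of tun0.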
