Tom Eastep wrote:
> Farkas Levente wrote:
>> hi,
>> in the interface doc i read :
>>
>> "The broadcast address(es) for the network(s) to which the interface
>> belongs. For P-T-P interfaces, this column is left blank."
>>
>> but in case openvpn when --topology subnet then the tun interface is a
>> P-t-P connection but still has a subnet. so "-" or "detect"?
>> thanks.
>>
>
> Look at the output of 'ip addr tun0'. If it contains a 'brd' then use
> 'detect' (or specify the brd address if tun0 might not be up when Shorewall
> starts); otherwise use '-'.

OK, to clarify: tun0 is an openvpn server in topology subnet, while tun1
is an openvpn client in topology net30. I also checked a topology subnet
client, and it seems that in case of
- topology subnet (both server and client) there is a brd, so use detect.
- all other topologies: use -
IMHO it'd be useful to document :-)
Thanks.

[EMAIL PROTECTED] openvpn]# ip address show tun0
45: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 192.168.255.1/24 brd 192.168.255.255 scope global tun0
[EMAIL PROTECTED] openvpn]# ip address show tun1
46: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.2.14 peer 10.0.2.13/32 scope global tun1
--
Levente "Si vis pacem para bellum!"
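
The check described in this thread (look for a 'brd' on the interface's address line), as an added example that is not part of the original messages or of Shorewall itself. The function name bcast_column is hypothetical; it prints the explicit broadcast address(es) to put in the BROADCAST column, or '-' when there is none, and is run here over the two outputs posted above.

```shell
#!/bin/sh
# Added example: derive the Shorewall BROADCAST column value from
# `ip address show <if>` output read on stdin.
#
# Only "inet" lines are inspected. On Ethernet-like devices the link line
# also carries a "brd" (the link-layer broadcast), which must not count.
# Assumption: several addresses are joined with commas in the column.
bcast_column() {
    awk '
        $1 == "inet" {
            for (i = 2; i < NF; i++)
                if ($i == "brd")
                    list = list (list ? "," : "") $(i + 1)
        }
        END { print (list ? list : "-") }
    '
}

# Sample input: the two outputs from the message above, wrapped lines rejoined.
TUN0_SAMPLE='45: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 192.168.255.1/24 brd 192.168.255.255 scope global tun0'

TUN1_SAMPLE='46: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.2.14 peer 10.0.2.13/32 scope global tun1'

# topology subnet: a brd is present, so the column gets the address
printf 'tun0 -> %s\n' "$(printf '%s\n' "$TUN0_SAMPLE" | bcast_column)"
# topology net30: peer address only, so the column gets "-"
printf 'tun1 -> %s\n' "$(printf '%s\n' "$TUN1_SAMPLE" | bcast_column)"

# On a live system: ip -4 address show dev tun0 | bcast_column
```

Writing the explicit address rather than 'detect' covers the case Tom mentions, where the tun device might not be up when Shorewall starts.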