Jerry Vonau wrote:

> 
> The openvpn tunnel, based on the masq entries, appears to be to
> 201.221.xx.xx or 200.40.xx.xx *on the firewall*, that is supported by
> the tunnels file entry.
> 
> Based on the masq entries "eth1 10.8.0.0/24 201.221.xx.xx" it appears
> that Nico wants to have the traffic from the vpn client to 74.53.205.xxx
> appear to come from the fw/vpn-server's 201.221.xx.xx
> address; that would explain the push route in openvpn.
> 
> I think this is what Nico wants:
> 
> from the vpn-client to 74.53.205.xxx:
> vpn-client (with host route) -> tunnel -> fw/vpn-server ->
> masq to 201.221.xx.xx -> eth1gw -> 74.53.205.xxx
> 
> from 74.53.205.xxx to the vpn-client:
> 74.53.205.xxx -> eth1gw -> fw/vpn-server -> de-masq ->
> tunnel -> vpn-client
> 
> Nico:
> 
> Could you clarify this for us, please?
> 

If that is indeed the case then your tip about the route_rules example in
the Multi-ISP doc should solve the problem. The cause of the failure is that
return traffic from 74.53.205.xxx is mis-routed.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
