Tom Eastep wrote:
> Jerry Vonau wrote:
>
>> The openvpn tunnel, based on the masq entries, appears to be to
>> 201.221.xx.xx or 200.40.xx.xx *on the firewall*, that is supported by
>> the tunnels file entry.
>>
>> Based on the masq entries "eth1 10.8.0.0/24 201.221.xx.xx" it appears
>> that Nico wants to have the traffic from the vpn client to 74.53.205.xxx
>> appear to come from the fw/vpn-server's 201.221.xx.xx
>> address, that would explain the push route in openvpn.
>>
>> I think this is what Nico wants:
>>
>> from the vpn-client to 74.53.205.xxx:
>> vpn-client (with host route) -> tunnel -> fw/vpn-server ->
>> masq to 201.221.xx.xx -> eth1gw -> 74.53.205.xxx
>>
>> from 74.53.205.xxx to the vpn-client:
>> 74.53.205.xxx -> eth1gw -> fw/vpn-server -> de-masq ->
>> tunnel -> vpn-client
>>
>> Nico:
>>
>> Could you clarify this for us please.
>>
>
> If that is indeed the case then your tip about the route_rules example in
> the Multi-ISP doc should solve the problem. The cause of the failure is that
> return traffic from 74.53.205.xxx is mis-routed.
>
I agree, but there would be no route in the providers table for tun0. If I
recall correctly, no route in the ip table, no traffic, otherwise we would not
have to list the masq lan in the copy column.

Jerry
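For the reading of Nico's setup discussed above (VPN clients masqueraded out eth1 through a provider table), the following Shorewall fragments are an added illustration, not configuration posted in this thread: they copy tun0's routes into the provider table and send the VPN subnet through that provider. The provider name ISP1, its number and mark, eth0 as the LAN interface, the route_rules priority and the <eth1gw> gateway placeholder are assumptions.

```text
# /etc/shorewall/providers  (hypothetical; only one provider shown)
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY   OPTIONS        COPY
ISP1   1       1     main       eth1       <eth1gw>  track,balance  eth0,tun0
# COPY=eth0,tun0: the routes via the LAN interface and via the OpenVPN tunnel
# are copied from the main table into table 1 (ISP1). Without tun0 listed here
# table 1 has no route to 10.8.0.0/24; a de-masqueraded reply from 74.53.205.xxx
# carries mark 1 ("track"), is looked up in table 1, and follows that table's
# default route back out eth1 instead of entering the tunnel.
# Assumes tun0 is already up when Shorewall is (re)started, otherwise there is
# no tun0 route to copy.

# /etc/shorewall/route_rules  (hypothetical priority)
#SOURCE      DEST  PROVIDER  PRIORITY
10.8.0.0/24  -     ISP1      1000
# Packets from the VPN clients (arriving over tun0) are routed by table 1,
# i.e. out eth1 towards <eth1gw>.

# /etc/shorewall/masq  (the entry quoted in the thread)
#INTERFACE  SOURCE       ADDRESS
eth1        10.8.0.0/24  201.221.xx.xx
# Client traffic leaving eth1 is SNATed to 201.221.xx.xx, so 74.53.205.xxx
# replies to that address and conntrack reverses the NAT on the way back.
```

Checking `ip route show table 1` after `shorewall restart` confirms whether the 10.8.0.0/24 route via tun0 actually landed in the provider table.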