Re: [Shorewall-users] Shorewall able to restart even Opevpn is down

Thu, 30 Oct 2008 11:22:33 -0700 

Worked. Thanks a lot.
On Thu, Oct 30, 2008 at 3:52 PM, Tom Eastep <[EMAIL PROTECTED]> wrote:

> Guilsson Gtalk wrote:
> > I setup a 2 FW boxes in fail over fashion with 2 links.
> > These are to be connected from outside via OpenVPN installed in the box.
> > For SEVERAL reasons, only one OpenVPN must be up at time. Heartbeat
> > takes care of this correctly.
> > Notice the setup is Active/Active because some users uses FW1 to access
> > the Net and others uses FW2 .
> >
> > But, in the machine OpenVPN is down I cannot do a "shorewall restart"
> > after making some adjustments in the rules.
> > --> ERROR: Unable to determine the routes through interface "tun0"
> >
> > There is an option in OpenVPN (persist-tun) to maintain the tunnel up
> > but only during internal restarts of the tunnel itself.
> > After "service openvpn stop" the TUN0: also vanishes.
> >
> > Is the a way to restart Shorewall ignoring the absence of TUN0 ?
>
> Yes -- in /etc/shorwall/masq, remove 'tun*' from the SOURCE column and
> replace with the actual VPN subnet(s).
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to