CW Möller wrote:
> Hi Laura
>
> I had the same problem a while ago. I had an UDP OpenVPN server on my
> firewall, and 3 routes to the server. No matter which incoming route you
> used, it only ever replied on the default route.

It actually replies on the first interface to receive a connection. And you apparently didn't read http://www.shorewall.net/MultiISP.html#Local. If you only want your server to accept connections through one of your public interfaces, you simply specify the IP address of that interface as the server's 'local' address.

> The only ways to fix this are either switching to TCP, or moving your
> Open VPN to a host behind the firewall and DNAT'ing your OpenVPN traffic
> to that host.

Actually, there is a third way (and IMHO, a better way), assuming that you want your UDP clients to be able to connect through any of the interfaces. Simply run multiple instances of the UDP OpenVPN server on the firewall and tie each to a separate public interface using the 'local' specification. I do that here -- works fine. Just be sure that the local subnets (specified in the 'server' specification) for the instances are disjoint.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
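An added example, not part of the original message and not Shorewall or OpenVPN project code: a small Python check for the two conditions described in the reply above, that each UDP instance is tied to its own public address with 'local' and that the 'server' subnets are disjoint. The file names, addresses (documentation ranges), ports and device names are constructed, and the parser assumes 'local' is given as an IP literal.

```python
import ipaddress
from itertools import combinations

# Constructed sample configs: one UDP instance per public interface.
# Addresses are documentation ranges, not values from the original post.
CONFIGS = {
    "isp1.conf": """\
proto udp
port 1194
local 192.0.2.10
dev tun0
server 10.8.0.0 255.255.255.0
""",
    "isp2.conf": """\
proto udp
port 1194
local 198.51.100.10
dev tun1
server 10.8.1.0 255.255.255.0
""",
}

def parse(text):
    """Return (local address or None, server network or None) from config text."""
    local = net = None
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()  # drop trailing '#' comments
        if len(tok) >= 2 and tok[0] == "local":
            local = ipaddress.ip_address(tok[1])  # assumption: IP literal, not a hostname
        elif len(tok) >= 3 and tok[0] == "server":
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")  # network + netmask form
    return local, net

def check(configs):
    """List problems: missing or duplicate 'local', overlapping 'server' subnets."""
    parsed = {name: parse(text) for name, text in configs.items()}
    problems = [f"{n}: no 'local' address" for n, (l, _) in parsed.items() if l is None]
    for (a, (la, na)), (b, (lb, nb)) in combinations(parsed.items(), 2):
        if la is not None and la == lb:
            problems.append(f"{a} and {b}: both bound to {la}")
        if na is not None and nb is not None and na.overlaps(nb):
            problems.append(f"{a} and {b}: server subnets {na} and {nb} overlap")
    return problems

if __name__ == "__main__":
    for p in check(CONFIGS) or ["ok: one instance per address, subnets disjoint"]:
        print(p)
```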
