Shorewall docs say to add these networks which confuses me in netmap?
More so that the two 10.10.11 and 10.10.10 are different networks.
SNAT 192.168.1.0/24 vpn 10.10.11.0/24 #RULE 1A
DNAT 10.10.11.0/24 vpn 192.168.1.0/24 #RULE 1B
The entry in /etc/shorewall/netmap in firewall2 would be:
#TYPE NET1 INTERFACE NET2
DNAT 10.10.10.0/24 vpn 192.168.1.0/24 #RULE 2A
SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B
Not quite sure how this works and which route commands to use for openvpn
All software is the latest, i.e. shorewall, openvpn
server box fedora 2
client suse 11.1
I have spent hours trying to find examples and posts and found this. I see
it was put in shorewall years ago. I have a need to build this as a temp
solution until I can fix layer2 bridges at this network, and the logistics
require using the same LAN IP networks on both sides of the tunnel until I
can get the wireless bridges back up.
Not quite sure of the route commands to use to get this working. Has anyone
else had to use this? I see hardly any posts in shorewall on how to
accomplish this. I have come up with what I think are the OpenVPN configs
below.
Thanks
Mike
-------------------------------------------------
client
dev tun
proto udp
remote 66.224.100.190 1194
ifconfig 172.16.1.2 172.16.1.1
;route 10.3.85.0 255.255.255.0
route add -host 10.3.85.20 tun0 # this is server side lan ip
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
tls-auth /etc/openvpn/keys/ta.key 1
cipher BF-CBC
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
comp-lzo
verb 4
server -----------------------------------
And this is my server.conf file:
local 66.224.100.190
ifconfig 172.16.1.1 172.16.1.2
port 1194
proto udp
dev tun
daemon
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 172.16.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 4.2.2.2"
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0
cipher BF-CBC
comp-lzo
max-clients 25
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
mute 20
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
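
The four netmap rules quoted in the post, traced over one request and its reply. This is an added example, not part of the original message and not Shorewall code. It assumes rules 1A/1B are firewall1's netmap file and 2A/2B are firewall2's, and the two host addresses are constructed.

```python
import ipaddress

# Netmap entries from the post: (TYPE, NET1, INTERFACE, NET2) per firewall.
# Assumption: rules 1A/1B are firewall1's file, rules 2A/2B are firewall2's.
NETMAP = {
    "firewall1": [("SNAT", "192.168.1.0/24", "vpn", "10.10.11.0/24"),   # 1A
                  ("DNAT", "10.10.11.0/24", "vpn", "192.168.1.0/24")],  # 1B
    "firewall2": [("DNAT", "10.10.10.0/24", "vpn", "192.168.1.0/24"),   # 2A
                  ("SNAT", "192.168.1.0/24", "vpn", "10.10.10.0/24")],  # 2B
}

def remap(addr, net1, net2):
    """1:1 mapping: swap the network prefix, keep the host bits."""
    a = ipaddress.ip_address(addr)
    n1, n2 = ipaddress.ip_network(net1), ipaddress.ip_network(net2)
    if a not in n1:
        return addr  # address outside NET1 is left untouched
    host_bits = int(a) & int(n1.hostmask)
    return str(ipaddress.ip_address(int(n2.network_address) | host_bits))

def cross(firewall, direction, src, dst):
    """Apply a firewall's netmap to a packet crossing its vpn interface.
    'out': packet leaves via vpn, SNAT entries rewrite the source.
    'in' : packet arrives on vpn, DNAT entries rewrite the destination."""
    for kind, net1, _iface, net2 in NETMAP[firewall]:
        if direction == "out" and kind == "SNAT":
            src = remap(src, net1, net2)
        elif direction == "in" and kind == "DNAT":
            dst = remap(dst, net1, net2)
    return src, dst

def round_trip(local_host, remote_alias):
    """Trace a request from a site-1 host to a site-2 alias, then the reply."""
    trace = [("site1 LAN", local_host, remote_alias)]
    src, dst = cross("firewall1", "out", local_host, remote_alias)  # rule 1A
    trace.append(("tunnel ->", src, dst))
    src, dst = cross("firewall2", "in", src, dst)                   # rule 2A
    trace.append(("site2 LAN", src, dst))
    src, dst = cross("firewall2", "out", dst, src)                  # reply, 2B
    trace.append(("tunnel <-", src, dst))
    src, dst = cross("firewall1", "in", src, dst)                   # rule 1B
    trace.append(("site1 LAN reply", src, dst))
    return trace

if __name__ == "__main__":
    # Constructed hosts: 192.168.1.4 at site 1 reaches 192.168.1.27 at site 2.
    for hop in round_trip("192.168.1.4", "10.10.10.27"):
        print("%-16s src=%-14s dst=%s" % hop)
```

Inside the tunnel only 10.10.11.x and 10.10.10.x addresses appear, so routes across the VPN refer to those two networks rather than to 192.168.1.0/24.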