Hi,
Happy 2015 to all!
I am setting up tinc VPN on a firewall (shorewall setup) that is also
the network gateway.
The standard tinc setup has the tincd daemon create and remove the
necessary VPN interface (tun0 in my case). The problem is that when tincd
is not running, the tun0 interface is not just down, it actually is removed
from the system (the command ifconfig tun0 returns "device not found").
The first test I did was to check if the "optional" interface option
would work with an interface that could not be found (I initially assumed
it would work only on an interface that is down) but shorewall did start
just fine. I also ran iptables -L and saw rules associated with the zone
linked to the tun0 interface.
However, I am worried that such firewall rules may not for some reason
work reliably. I do not have a deep understanding of how iptables works, but
can I assume that once the tun0 interface is brought up that the firewall
will be working just like I configured shorewall to treat it (without
restarting shorewall)? Is shorewall able to add all necessary firewall
rules even when the interface does not exist in the system? Any reason for
concern?
Best regards,
Marcelo
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users