On 10/11/2017 05:32 PM, Paolo wrote: > On Wed, 11 Oct 2017, Tom Eastep wrote: > >> On 10/11/2017 04:35 PM, Paolo Andretta wrote: >>> On Wed, 11 Oct 2017, Tom Eastep wrote: >>>> >>>> If you 'shorewall clear' on both firewalls, can you communicate between >>>> the two LANs? (be sure to 'shorewall start' both after the test). >>> >>> No. >>> Tried to flip the roles/configuration opf openvpn, same result. >>> >> >> Then you have an OpenVPN configuration problem, not a Shorewall problem. >> You might be able to work around it by masquerading your local LANs out >> of the tun0 interfaces. > > You mean insert: > > MASQUERADE 10.8.0.0/24 tun0 > > into snat files?
Yes.
>
> Is it possible to use tcpdump to monitor packets into the tunnel?
>
Yes, it is.
tcpdump -ni tun0 <selection expression>
See 'man pcap' for <selection expression>
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
