Thanks all. The new vlan interface isn't really new, it's a minor mod to a
previous vlan. I haven't looked at the "track" option as yet but this
relates to outgoing traffic so not sure that's the issue. As Tom suggested
I sent him some details privately. Since I'm on GMT+1 that's all for
tonight! Best, Norm

On Thu, Mar 26, 2020 at 8:37 PM Justin Pryzby <[email protected]> wrote:

> On Thu, Mar 26, 2020 at 07:11:57PM +0100, Norman Henderson wrote:
> > Hi,
> > Suddenly - not sure why - I can't establish my OpenVPN tunnel because the
> > packets are leaving from the wrong interface, not appropriate to the source
> > address given to OpenVPN. A shorewall trace shows (with IPs altered):
> > fMar 26 18:57:46 cem05fw kernel: [ 4389.595024] TRACE: raw:OUTPUT:policy:13 IN= OUT=vlan5 SRC=0.0.4.238 DST=0.0.15.83 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=59557 DF PROTO=UDP SPT=5001 DPT=5001 LEN=50 UID=0 GID=0
> >
> > However, the 0.0.4.238 address is on vlan6, not vlan5. The address
> > mentioned in the OpenVPN "local" directive is 0.0.4.238. The rest of the
> > trace sticks with vlan5 and that (inappropriate) address. However, packets
> > arriving at the server arrive at the correct destination address from
> > the address of vlan5, which (altered) is 0.0.229.214.
> >
> > It was all working fine until earlier today. I added an unrelated interface
> > on vlan2 with a 192.168 address (actually altered a previous vlan2
> > interface). Any suggestions on where to look? Our Email is down until this
> > is resolved...
>
> Is it resolved if you remove the unrelated interface ?
>
> I think you need the providers' "track" option.
>
> https://shorewall.org/4.6/MultiISP.html#providers
> https://shorewall.org/4.6/MultiISP.html#Local
>
> --
> Justin
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>