shorewall-users July 2011 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Problem With OpenVPN Conn

Re: [Shorewall-users] Problem With OpenVPN Connectivity

From: Das <dasfox_at_nospam>
Date: Sat Jul 23 2011 - 01:33:35 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

Hi Tom,

I was at it for a few days with Slackware users that were very knowledgeable
and experienced with iptables and netfiler and they couldn't figure it out
or see anything wrong and why it wasn't working...

I just chalked it up to a possible routing bug in Slack.

I had a backup image so I reinstalled 13.37 with it. The problem happened
under a fresh install of Slack, not the backup image. Well the backup image,
everything is now working as it was before.

So if you want me to run any tests to have you look at this to see how this
is working, without needing any rules, host, or tunnels configured and just
the 3 files I use is all, policy, interfaces, zones, I'll be glad to show
you it works now as I've been using it. Which by the way I do find odd,
unless, because I'm using a VPN service, I do not need to configure things
the way I've read online, since I'm not running an OpenVPN sever, I'm just a
client connecting to a VPN service. But I still thought even in this sense
I'd need to have a rule to open the ports and protocols and I don't. I don't
even need to open/forward the ports on my router....

THANKS

On Thu, Jul 21, 2011 at 3:00 PM, Tom Eastep <teastep@shorewall.net> wrote:

>
> On Jul 21, 2011, at 2:55 PM, Das wrote:
>
>
>> I forgot to mention, I'm just a client using a VPN service, I'm not
>> running an OpenVPN server and then connecting to it.
>>
>> I originally thought just like how the docs show, you use a protocol and
>> it's port and you define those in the rules and possibly host and tunnel as
>> well but I don't need to, it's working just fine with only those 3 files and
>> I've actually used 4 different VPN providers over the past year with those 3
>> files just like they are and all connections to all of the VPN providers
>> worked just fine, that was in Slackware 13.1 earlier in the year.
>>
>
> And I'm telling you that there is absolutely no reason for it to have
> worked at all, which makes me wonder if Shorewall is even started.
>
>
>> I have tap and tun because I was using in the past IPsec which uses tap,
>> so I keep it there in case I start using IPsec again.
>>
>> I do not see any types of failure or error messages, it's like taking your
>> Cat5 and unplugging it then trying to ping or go online, the same effect,
>> nothing happens, that's all.
>
>
> The Slackware configuration was logging messages out of the fw->net chain.
>
>
>
>> I have played with using tunnels and host and seen no changes on any of
>> the systems to improve or degrade the outcome, it's all the same whether I
>> use them or not, everything works the same, in short, it doesn't change
>> anything…
>>
>
> Please add the openvpnclient tunnel, Configure LOGFILE correctly and try to
> start OpenVPN with the latest Slackware -- then post the *entire* dump.
>
>
> -Tom
>
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
> ------------------------------------------------------------------------------
> 10 Tips for Better Web Security
> Learn 10 ways to better secure your business today. Topics covered include:
> Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
> security Microsoft Exchange, secure Instant Messaging, and much more.
> http://www.accelacomm.com/jaw/sfnl/114/51426210/
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>

------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users