Koozali.org: home of the SME Server

SAIL (on debian) / OpenVPN Bridging / Shorewall

Irksome
« on: February 13, 2014, 05:26:32 PM »
I wonder if anyone would be able to help me as I struggle to get this setup working.

I have an ARM device running SAIL on Debian and I've set up an OpenVPN server in bridged mode on the device. I'm using the script at openvpn.net to bring up the bridge interface, but it's pretty straightforward (ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast).

If I bring up the openvpn server without creating the bridge interface I can get an openvpn connection - the client gets an IP address from the range issued to the openvpn server, but because the bridge isn't up there's no routing.

If I bring the bridge up first, then the openvpn server I can't get a connection from the client.

I've looked at and read up on the Shorewall documentation, and I thought I'd got the setup right: it appeared I needed to add a tunnel config, add the bridge interface and create the vpn zone etc., but I can't seem to get it working. Is this because SAIL is using a Shorewall config designed for one interface and I've not made the correct changes to add this second virtual interface?

#
# Shorewall version 3.4 - Sample Interfaces File for one-interface configuration.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces"
#
# For additional information, see
# http://shorewall.net/Documentation.htm#Interfaces
#
###############################################################################
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,logmartians,nosmurfs
vpn     br0         detect      dhcp,tcpflags,logmartians,nosmurfs,routeback
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

# My Shorewall Tunnel file 11.2.14
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
#
###############################################################################
#TYPE           ZONE    GATEWAY         GATEWAY ZONES
openvpnserver   net     0.0.0.0/0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


#
# Shorewall version 3.4 - Sample Zones File for one-interface configuration.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#-----------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-zones"
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
vpn     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

MTIA

Irksome

SARK devs (http://sarkpbx.com)
Re: SAIL (on debian) / OpenVPN Bridging / Shorewall
« Reply #1 on: February 14, 2014, 05:20:24 PM »
In short, don't know but...

Have you added firewall rules to allow the vpn subnet through the firewall?
We do use the Shorewall single interface template as a start point, but you can freely add zones (as you have done) and then refer to them in the rules file. We do that ourselves for DRBD and Corosync communication in ASHA and it just works, as long as the rules allow the packets through the firewall.

Kind Regards

S
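To make the reply concrete, here is an added example (not the poster's files and not SARK's own config) of the policy and rules entries that the posted interfaces, zones and tunnels files are still missing; it reuses the fw, net and vpn zone names from above and assumes SSH and ping are the only services the VPN clients need from the box (placeholders to adjust), and that Shorewall 3.4 file layouts are in use.

```conf
# /etc/shorewall/policy (added example; Shorewall 3.4 column layout)
# The one-interface template only knows fw and net, so a new zone
# falls through to the catch-all "all all REJECT" line below and every
# vpn packet is rejected. Give the zone an explicit, restrictive default
# and open only what is needed in the rules file.
#SOURCE   DEST   POLICY   LOG LEVEL
fw        vpn    ACCEPT
vpn       fw     DROP     info        # logged; explicit ACCEPTs live in rules
vpn       net    DROP     info        # VPN clients must not use the box as an exit
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules (added example)
# Too broad: "ACCEPT vpn fw" would expose every local service to any
# VPN client. Prefer per-service entries; the SSH and Ping macros ship
# with Shorewall 3.x, the ports here are assumptions for this example.
#ACTION       SOURCE   DEST   PROTO   DEST PORT(S)
SSH/ACCEPT    vpn      fw
Ping/ACCEPT   vpn      fw
# Bridged (tap) clients reach other hosts on br0 via the same interface,
# which is why br0 carries the routeback option in the interfaces file.
ACCEPT        vpn      vpn
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```

One caveat a practitioner should check: the bridge script described in the first post moves the device's address from eth0 to br0, so after bridging, Internet traffic is seen by Shorewall on br0 as well, and the net/eth0 and vpn/br0 split above only behaves as intended if eth0 genuinely remains the interface that carries the untrusted traffic. Run `shorewall check` after editing and watch the logged DROP/REJECT lines to confirm which zone the failing packets are being classified into.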
 

Irksome
Re: SAIL (on debian) / OpenVPN Bridging / Shorewall
« Reply #2 on: February 14, 2014, 05:37:19 PM »
Thank you ... somehow I'd completely missed the rules ...

I'm going to go and sit in a dark room now :shock: