good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses... (0 Replies)
Hey all,
I'm trying to get openvpn working on DD-WRT router.
I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Hi,
I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given.
So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc:
http://wiki.centos.org/HowTos/vpnc
but it just times out
?? (2 Replies)
Hello gurus ,
I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386
my xp ip is 192.168.0.12
my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...)
my freebsd le2 (int iface, vmware local only) is 192.168.141.5
my freebsd le1 is disabled as... (0 Replies)
I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from.
So the idea is... (0 Replies)
--ns-cert-type client|server
Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server".
This is a useful security option for clients, to ensure that the host they connect with is a designated server.
See the easy-rsa/build-key-server script for... (0 Replies)
SHOREWALL-RTRULES(5) [FIXME: manual] SHOREWALL-RTRULES(5)NAME
rtrules - Shorewall Routing Rules file
SYNOPSIS
/etc/shorewall/rtrules
DESCRIPTION
Entries in this file cause traffic to be routed to one of the providers listed in shorewall-providers[1](5).
The columns in the file are as follows.
SOURCE (Optional) - {-|[&]interface|address|interface:address}
An ip address (network or host) that matches the source IP address in a packet. May also be specified as an interface name optionally
followed by ":" and an address. If the device lo is specified, the packet must originate from the firewall itself.
Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the
named interface.
DEST (Optional) - {-|address}
An ip address (network or host) that matches the destination IP address in a packet.
If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you may not omit both SOURCE and DEST.
PROVIDER - {provider-name|provider-number|main}
The provider to route the traffic through. May be expressed either as the provider name or the provider number. May also be main or 254
for the main routing table. This can be used in combination with VPN tunnels, see example 2 below.
PRIORITY - priority
The rule's numeric priority which determines the order in which the rules are processed. Rules with equal priority are applied in the
order in which they appear in the file.
1000-1999
Before Shorewall-generated 'MARK' rules
11000-11999
After 'MARK' rules but before Shorewall-generated rules for ISP interfaces.
26000-26999
After ISP interface rules but before 'default' rule.
MARK - {-|mark[/mask]}
Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the packet's mark value must match the mark when
logically anded with the mask. If a mask is not supplied, Shorewall supplies a suitable provider mask.
EXAMPLES
Example 1:
You want all traffic coming in on eth1 to be routed to the ISP1 provider.
#SOURCE DEST PROVIDER PRIORITY MASK
eth1 - ISP1 1000
Example 2:
You use OpenVPN (routed setup /tunX) in combination with multiple providers. In this case you have to set up a rule to ensure that the
OpenVPN traffic is routed back through the tunX interface(s) rather than through any of the providers. 10.8.0.0/24 is the subnet chosen
in your OpenVPN configuration (server 10.8.0.0 255.255.255.0).
#SOURCE DEST PROVIDER PRIORITY MASK
- 10.8.0.0/24 main 1000
FILES
/etc/shorewall/rtrules
SEE ALSO
http://shorewall.net/MultiISP.html
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)NOTES
1. shorewall-providers
http://www.shorewall.net/manpages/shorewall-providers.html
[FIXME: source] 06/28/2012 SHOREWALL-RTRULES(5)