good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses... (0 Replies)
Hey all,
I'm trying to get openvpn working on DD-WRT router.
I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Hi,
I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given.
So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc:
http://wiki.centos.org/HowTos/vpnc
but it just times out
?? (2 Replies)
Hello gurus ,
I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386
my xp ip is 192.168.0.12
my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...)
my freebsd le2 (int iface, vmware local only) is 192.168.141.5
my freebsd le1 is disabled as... (0 Replies)
I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from.
So the idea is... (0 Replies)
--ns-cert-type client|server
Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server".
This is a useful security option for clients, to ensure that the host they connect with is a designated server.
See the easy-rsa/build-key-server script for... (0 Replies)
SHOREWALL6-TUNNELS(5) [FIXME: manual] SHOREWALL6-TUNNELS(5)NAME
tunnels - Shorewall6 VPN definition file
SYNOPSIS
/etc/shorewall6/tunnels
DESCRIPTION
The tunnels file is used to define rules for encapsulated (usually encrypted) traffic to pass between the Shorewall6 system and a remote
gateway. Traffic flowing through the tunnel is handled using the normal zone/policy/rule mechanism. See
http://www.shorewall.net/VPNBasics.html for details.
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
the alternate specification syntax).
TYPE -
{ipsec[:{noah|ah}]|ipsecnat|gre|l2tp|pptpclient|pptpserver|{openvpn|openvpnclient|openvpnserver}[:{tcp|udp}][:port]|generic:protocol[:port]}
Types are as follows:
ipsec - IPv6 IPSEC
ipsecnat - IPv6 IPSEC with NAT Traversal (UDP port 4500 encapsulation)
gre - Generalized Routing Encapsulation (Protocol 47)
l2tp - Layer 2 Tunneling Protocol (UDP port 1701)
openvpn - OpenVPN in point-to-point mode
openvpnclient - OpenVPN client runs on the firewall
openvpnserver - OpenVPN server runs on the firewall
generic - Other tunnel type
If the type is ipsec, it may be followed by :ah to indicate that the Authentication Headers protocol (51) is used by the tunnel (the
default is :noah which means that protocol 51 is not used). NAT traversal is only supported with ESP (protocol 50) so ipsecnat tunnels
don't allow the ah option (ipsecnat:noah may be specified but is redundant).
If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and tcp or udp to specify the protocol to be
used. If not specified, udp is assumed. Note: At this writing, OpenVPN does not support IPv6.
If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and the port number used by the tunnel. if no
":" and port number are included, then the default port of 1194 will be used. . Where both the protocol and port are specified, the
protocol must be given first (e.g., openvpn:tcp:4444).
If type is generic, it must be followed by ":" and a protocol name (from /etc/protocols) or a protocol number. If the protocol is tcp
or udp (6 or 17), then it may optionally be followed by ":" and a port number.
ZONE - zone
The zone of the physical interface through which tunnel traffic passes. This is normally your internet zone.
GATEWAY(S) (gateway or gateways) - address-or-range [ , ... ]
The IP address of the remote tunnel gateway. If the remote gateway has no fixed address (Road Warrior) then specify the gateway as
::/0. May be specified as a network address and if your kernel and ip6tables include iprange match support then IP address ranges are
also allowed.
Beginning with Shorewall 4.5.3, a list of addresses or ranges may be given. Exclusion (shorewall6-exclusion[1] (5) ) is not supported.
GATEWAY ZONE(S) (gateway_zone or gateway_zones) - [zone[,zone]...]
Optional. If the gateway system specified in the third column is a standalone host then this column should contain a comma-separated
list of the names of the zones that the host might be in. This column only applies to IPSEC tunnels where it enables ISAKMP traffic to
flow through the tunnel to the remote gateway(s).
EXAMPLE
Example 1:
IPSec tunnel.
The remote gateway is 2001:cec792b4:1::44. The tunnel does not use the AH protocol
#TYPE ZONE GATEWAY
ipsec:noah net 2002:cec792b4:1::44
Example 2:
Road Warrior (LapTop that may connect from anywhere) where the "gw" zone is used to represent the remote LapTop
#TYPE ZONE GATEWAY GATEWAY ZONES
ipsec net ::/0 gw
Example 3:
Host 2001:cec792b4:1::44 is a standalone system connected via an ipsec tunnel to the firewall system. The host is in zone gw.
#TYPE ZONE GATEWAY GATEWAY ZONES
ipsec net 2001:cec792b4:1::44 gw
Example 4:
OPENVPN tunnel. The remote gateway is 2001:cec792b4:1::44 and openvpn uses port 7777.
#TYPE ZONE GATEWAY GATEWAY ZONES
openvpn:7777 net 2001:cec792b4:1::44
Example 8:
You have a tunnel that is not one of the supported types. Your tunnel uses UDP port 4444. The other end of the tunnel is
2001:cec792b4:1::44.
#TYPE ZONE GATEWAY GATEWAY ZONES
generic:udp:4444 net 2001:cec792b4:1::44
FILES
/etc/shorewall6/tunnels
SEE ALSO
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-zones(5)NOTES
1. shorewall6-exclusion
http://www.shorewall.net/manpages6/shorewall6-exclusion.html
[FIXME: source] 06/28/2012 SHOREWALL6-TUNNELS(5)