Koozali.org: home of the SME Server
Obsolete Releases => SME VoIP (Asterisk, SAIL etc) => Topic started by: Irksome on February 13, 2014, 05:26:32 PM
-
I wonder if anyone would be able to help me as I struggle to get this setup working.
I have an ARM device running SAIL on Debian and I've set up an OpenVPN server in bridged mode on the device. I'm using the script @ openvpn.net to bring up the bridge interface - but it's pretty straightforward (ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast).
If I bring up the openvpn server without creating the bridge interface I can get an openvpn connection - the client gets an IP address from the range issued to the openvpn server, but because the bridge isn't up there's no routing.
If I bring the bridge up first, then the openvpn server I can't get a connection from the client.
I've looked and read up on the Shorewall documentation, and I thought I'd got the setup: it appeared I needed to add a Tunnel config and add the bridge interface / create the vpn zone etc., but I can't seem to get it working. Is this because SAIL is using a Shorewall config designed for 1 interface and I've not made the correct changes to add this 2nd virtual interface?
#
# Shorewall version 3.4 - Sample Interfaces File for one-interface configuration.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces"
#
# For additional information, see
# http://shorewall.net/Documentation.htm#Interfaces
#
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,logmartians,nosmurfs
vpn br0 detect dhcp,tcpflags,logmartians,nosmurfs,routeback
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
# My Shorewall Tunnel file 11.2.14
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
#
###############################################################################
#TYPE ZONE GATEWAY GATEWAY ZONES
openvpnserver net 0.0.0.0/0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#
# Shorewall version 3.4 - Sample Zones File for one-interface configuration.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#-----------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-zones"
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
vpn ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
MTIA
Irksome
-
In short, don't know but...
Have you added firewall rules to allow the vpn subnet through the firewall?
We do use the Shorewall single interface template as a start point but you can freely add zones (as you have done) and then refer to them in the rules file. We do that ourselves for DRBD and Corosync communication in ASHA and it just works, as long as the rules allow the packets through the firewall.
Kind Regards
S
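As an added example (not from the thread, from SAIL or from the Shorewall project), here is a small POSIX sh check for exactly the oversight the reply points at: a zone that is defined in the zones file and bound to an interface, but never named as SOURCE or DEST in the policy or rules files, so everything from it falls through to the catch-all REJECT. The zones file mirrors what was posted above; the "before" policy and rules are an assumption about how a one-interface template looks, and the "after" versions show entries that let the vpn zone talk to the box and out to the Internet. The port numbers (22 for ssh, 5060 for SIP, 10000:20000 for RTP) are assumptions for an Asterisk-based PBX, not values taken from SAIL.

```shell
#!/bin/sh
# Added example: find Shorewall zones that no policy or rule ever names.
# All file contents are constructed inline so this runs offline.

# Zones as posted in the thread (first field is the zone name).
ZONES='#ZONE TYPE
fw  firewall
net ipv4
vpn ipv4'

# Assumed one-interface policy/rules: nothing mentions the new vpn zone,
# so vpn traffic hits the final "all all REJECT" policy.
POLICY_BEFORE='#SOURCE DEST POLICY LOG
fw   net  ACCEPT
net  all  DROP   info
all  all  REJECT info'

RULES_BEFORE='#ACTION SOURCE DEST PROTO DPORT
ACCEPT  net    fw   udp   1194'

# Corrected: vpn may reach the firewall and the Internet, and specific
# services on the box are opened. Ports are assumptions for an Asterisk PBX.
POLICY_AFTER='#SOURCE DEST POLICY LOG
fw   net  ACCEPT
fw   vpn  ACCEPT
vpn  net  ACCEPT
net  all  DROP   info
all  all  REJECT info'

RULES_AFTER='#ACTION SOURCE DEST PROTO DPORT
ACCEPT  net    fw   udp   1194
ACCEPT  vpn    fw   tcp   22
ACCEPT  vpn    fw   udp   5060
ACCEPT  vpn    fw   udp   10000:20000'

# Print the first field of every non-comment, non-blank line of $1.
first_field() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk 'NF { print $1 }'
}

# Succeed if zone $1 is named explicitly (not via "all") in file text $2,
# where the SOURCE and DEST columns are field numbers $3 and $4.
mentions_zone() {
    printf '%s\n' "$2" | sed 's/#.*//' | awk -v z="$1" -v s="$3" -v d="$4" '
        NF && ($s == z || $d == z) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print every zone from zones text $1 (except the firewall itself) that
# appears neither in policy text $2 (cols 1-2) nor in rules text $3 (cols 2-3).
unreferenced_zones() {
    for z in $(first_field "$1"); do
        if [ "$z" = fw ]; then continue; fi
        if ! mentions_zone "$z" "$2" 1 2 && ! mentions_zone "$z" "$3" 2 3; then
            printf '%s\n' "$z"
        fi
    done
}

echo "zones with no policy/rule before fix: $(unreferenced_zones "$ZONES" "$POLICY_BEFORE" "$RULES_BEFORE")"
echo "zones with no policy/rule after fix:  $(unreferenced_zones "$ZONES" "$POLICY_AFTER" "$RULES_AFTER")"
```

The first line reports "vpn", the second reports nothing. On the box itself, `shorewall check` validates the syntax of the files but will not complain that a zone simply has no policy or rule naming it, which is why a check like this is useful after adding a zone. One further thing worth verifying in a bridged setup: once eth0 is enslaved into br0, netfilter sees packets from the Internet arriving on br0, not eth0, so an interfaces entry that puts the net zone on eth0 will not match that traffic.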
-
Thank you ... somehow I'd completely missed the rules ...
I'm going to go and sit in a dark room now :shock: