More puttering with my config and openvpn docs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2927 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs2/OPENVPN.xml

@@ -21,7 +21,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-10-19</pubdate>
+    <pubdate>2005-10-25</pubdate>
 
     <copyright>
       <year>2003</year>
@@ -434,7 +434,7 @@ verb 3</programlisting>
     article</ulink> by Marc Zonzon</para>
   </section>
 
-  <section>
+  <section id="Bridge">
     <title>Securing a Home Wireless Network with OpenVPN (OpenVPN
     Bridge)</title>
 

Shorewall-docs2/myfiles.xml

@@ -53,38 +53,40 @@
     </caution>
 
     <para>I have DSL service with 5 static IP addresses (206.124.146.176-180).
-    My DSL <quote>modem</quote> (Westell 2200) is connected to eth2 and has IP
+    My DSL <quote>modem</quote> (<ulink
-    address 192.168.1.1 (factory default). The modem is configured in
+    url="http://www.westell.com/pages/index.jsp">Westell</ulink> 2200) is
-    <quote>bridge</quote> mode so PPPoE is not involved. I have a local
+    connected to eth2 and has IP address 192.168.1.1 (factory default). The
-    network connected to eth3 which is bridged to interface tun0 via bridge
+    modem is configured in <quote>bridge</quote> mode so PPPoE is not
-    br0 (subnet 192.168.1.0/24), a wireless network (192.168.3.0/24) connected
+    involved. I have a local network connected to eth3 which is bridged to
-    to eth0, and a DMZ connected to eth1 (206.124.146.176/32). Note that I
+    interface tun0 via bridge br0 (subnet 192.168.1.0/24), a wireless network
-    configure the same IP address on both <filename
+    (192.168.3.0/24) connected to eth0, and a DMZ connected to eth1
-    class="devicefile">eth1</filename> and <filename
+    (206.124.146.176/32). Note that I configure the same IP address on both
+    <filename class="devicefile">eth1</filename> and <filename
     class="devicefile">eth2</filename>.</para>
 
     <para>In this configuration:</para>
 
     <itemizedlist>
       <listitem>
-        <para>I use one-to-one NAT for Ursa (my personal system that run SuSE
+        <para>I use one-to-one NAT for <emphasis>"Ursa"</emphasis> (my
-        10.0) - Internal address 192.168.1.5 and external address
+        personal system that run SuSE 10.0) - Internal address 192.168.1.5 and
-        206.124.146.178.</para>
+        external address 206.124.146.178.</para>
       </listitem>
 
       <listitem>
-        <para>I use one-to-one NAT for Eastepnc6000 (My work system -- Windows
+        <para>I use one-to-one NAT for <emphasis>"Eastepnc6000</emphasis>" (My
-        XP SP1). Internal address 192.168.1.6 and external address
+        work system -- Windows XP SP1). Internal address 192.168.1.6 and
-        206.124.146.180.</para>
+        external address 206.124.146.180.</para>
       </listitem>
 
       <listitem>
         <para>I use SNAT through 206.124.146.179 for&nbsp;my Wife's Windows XP
-        system <quote>Tarry</quote>, my <firstterm>crash and burn</firstterm>
+        system <quote><emphasis>Tarry</emphasis></quote>, my <firstterm>crash
-        system "Wookie", our SuSE 10.0 laptop <quote>Tipper</quote> which
+        and burn</firstterm> system "<emphasis>Wookie</emphasis>", our SuSE
-        connects through the Wireless Access Point (wap) via a Wireless Bridge
+        10.0 laptop <quote><emphasis>Tipper</emphasis></quote> which connects
-        (wet), and my work laptop (eastepnc6000) when it is not docked in my
+        through the Wireless Access Point (wap) via a Wireless Bridge (wet),
-        office.<note>
+        and my work laptop (<emphasis>eastepnc6000</emphasis>) when it is not
+        docked in my office.<note>
             <para>While the distance between the WAP and where I usually use
             the laptop isn't very far (50 feet or so), using a WAC11 (CardBus
             wireless card) has proved very unsatisfactory (lots of lost
@@ -107,36 +109,38 @@
 
     <para>The firewall runs on a P-II/233 with Debian Sarge (testing).</para>
 
-    <para>Ursa runs Samba for file sharing with the Windows systems and is
+    <para><emphasis>Ursa</emphasis> runs Samba for file sharing with the
-    configured as a Wins server.</para>
+    Windows systems and is configured as a Wins server.</para>
 
     <para>The wireless network connects to the firewall's eth0 via a LinkSys
     WAP11.&nbsp; In additional to using the rather weak WEP 40-bit encryption
     (64-bit with the 24-bit preamble), I use <ulink
     url="MAC_Validation.html">MAC verification</ulink> and <ulink
-    url="OPENVPN.html">OpenVPN</ulink> in bridge mode.</para>
+    url="OPENVPN.html#Bridge">OpenVPN in bridge mode</ulink>. </para>
 
-    <para>The single system in the DMZ (address 206.124.146.177) runs postfix,
+    <para>The single system in the DMZ (address 206.124.146.177) runs <ulink
-    Courier IMAP (imap and imaps), DNS (Bind 9), a Web server (Apache) and an
+    url="http://www.postfix.org">Postfix</ulink>, <ulink
-    FTP server (Pure-ftpd) under Fedora Core 4. The system also runs fetchmail
+    url="http://www.courier-mta.org/imap/">Courier IMAP</ulink> (imap and
-    to fetch our email from our old and current ISPs. That server is
+    imaps), <ulink url="http://www.isc.org/sw/bind/">DNS (Bind 9)</ulink>, a
-    accessible from the Internet through <ulink url="ProxyARP.htm">Proxy
+    <ulink url="http://www.apache.org">Web server (Apache)</ulink> and an
-    ARP</ulink>.</para>
+    <ulink url="http://www.pureftpd.org/">FTP server (Pure-ftpd)</ulink> under
+    <ulink url="http://fedora.redhat.com/">Fedora Core 4</ulink>. The system
+    also runs <ulink
+    url="http://www.catb.org/~esr/fetchmail/">fetchmail</ulink> to fetch our
+    email from our old and current ISPs. That server is accessible from the
+    Internet through <ulink url="ProxyARP.htm">Proxy ARP</ulink>.</para>
 
-    <para>The firewall system itself runs a DHCP server that serves the local
+    <para>The firewall system itself runs a <ulink
-    and wireless networks.</para>
+    url="http://www.isc.org/sw/dhcp/">DHCP server</ulink> that serves the
+    local and wireless networks.</para>
 
     <para>All administration and publishing is done using ssh/scp. I have a
     desktop environment installed on the firewall but I usually don't start
-    it. X applications tunnel through SSH to Ursa or one of the laptops. The
+    it. X applications tunnel through SSH to <emphasis>Ursa</emphasis> or one
-    server also has a desktop environment installed but it is seldom started
+    of the laptops. The server also has a desktop environment installed but it
-    either. For the most part, X tunneled through SSH is used for server
+    is seldom started either. For the most part, X tunneled through SSH is
-    administration and the server runs at run level 3 (multi-user console mode
+    used for server administration and the server runs at run level 3
-    on Fedora).</para>
+    (multi-user console mode on Fedora).</para>
-
-    <para>I run an SNMP server on my firewall to serve <ulink
-    url="http://www.ee.ethz.ch/~oetiker/webtools/mrtg/">MRTG</ulink> running
-    in the DMZ.</para>
 
     <para>The ethernet interface in the Server is configured with IP address
     206.124.146.177, netmask 255.255.255.0. The server's default gateway is
@@ -145,16 +149,17 @@
     /etc/network/interfaces file (see below) adds a host route to
     206.124.146.177 through eth1 when that interface is brought up.</para>
 
-    <para>In addition to the Openvpn bridge, the firewall hosts an OpenVPN
+    <para>In addition to the OpenVPN bridge, the firewall hosts an OpenVPN
     Tunnel server for VPN access from our second home in <ulink
     url="http://www.omakchamber.com/">Omak, Washington</ulink> or when we are
     otherwise out of town.</para>
 
     <para><graphic align="center" fileref="images/network.png" /><note>
-        <para>Eastepnc6000 is shown in both the local LAN and in the Wifi zone
+        <para><emphasis>Eastepnc6000</emphasis> is shown in both the local LAN
-        with IP address 192.168.1.6 -- clearly, the computer can only be in
+        and in the Wifi zone with IP address 192.168.1.6 -- clearly, the
-        one place or the other. Tipper can also be in either place and will
+        computer can only be in one place or the other.
-        have the IP address 192.168.1.8 regardless.</para>
+        <emphasis>Tipper</emphasis> can also be in either place and will have
+        the IP address 192.168.1.8 regardless.</para>
       </note></para>
   </section>
 
@@ -818,19 +823,28 @@ client-config-dir /etc/openvpn/clients
 ccd-exclusive
 client-to-client
 
-verb 3
+verb 3</programlisting>
-</programlisting>
       </blockquote>
     </section>
   </section>
 
+  <section>
+    <title>Tipper and Eastepnc6000 Configuration in the Wireless
+    Network</title>
+
+    <para>Please find this information in the <ulink
+    url="OPENVPN.html#Bridge">OpenVPN bridge mode</ulink> documentation.
+    </para>
+  </section>
+
   <section>
     <title>Tipper Configuration while on the Road</title>
 
     <para>This laptop is either configured on our wireless network
     (192.168.3.8) or as a standalone system on the road.</para>
 
-    <para>Tipper's view of the world is shown in the following diagram:</para>
+    <para><emphasis>Tipper</emphasis>'s view of the world is shown in the
+    following diagram:</para>
 
     <graphic align="center" fileref="images/network2.png" valign="middle" />