diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml
index 74c90ee84..d3f6cc280 100644
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@@ -21,7 +21,7 @@
- 2005-09-30
+ 2005-10-12
2003
@@ -290,30 +290,30 @@ road loc ACCEPT
dev tun
server 192.168.2.0 255.255.255.0
-
+
dh dh1024.pem
-
+
ca /etc/certs/cacert.pem
-
+
crl-verify /etc/certs/crl.pem
-
+
cert /etc/certs/SystemA.pem
key /etc/certs/SystemA_key.pem
-
+
port 1194
-
+
comp-lzo
-
+
user nobody
-
+
group nogroup
-
+
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
-
+
verb 3
@@ -371,28 +371,28 @@ $FW home ACCEPT
dev tun
remote 206.162.148.9
up /etc/openvpn/home.up
-
+
tls-client
pull
-
+
ca /etc/certs/cacert.pem
cert /etc/certs/SystemB.pem
key /etc/certs/SystemB_key.pem
-
+
port 1194
-
+
user nobody
group nogroup
-
+
comp-lzo
-
+
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
-
+
verb 3
@@ -564,28 +564,82 @@ verb 3
url="SimpleBridge.html">Simple Bridge documentation.
- /etc/shorewall/interfaces
+ Firewall
- Note that the bridge (br0) is defined as the interface to the
- local zone and has the routeback
- option.
+
+ /etc/shorewall/interfaces
- #ZONE INTERFACE BROADCAST OPTIONS
+ Note that the bridge (br0) is defined as the interface to the
+ local zone and has the routeback
+ option.
+
+ #ZONE INTERFACE BROADCAST OPTIONS
net eth2 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs
loc br0 192.168.1.255 dhcp,routeback
dmz eth1 - logmartians
Wifi eth0 192.168.3.255 dhcp,maclist
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+
+
+
+ /etc/shorewall/tunnels
+
+ #TYPE ZONE GATEWAY GATEWAY
+# ZONE
+openvpnserver:1194 Wifi 192.168.3.0/24
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+
- /etc/shorewall/tunnels
+ Tipper
- #TYPE ZONE GATEWAY GATEWAY
-# ZONE
-openvpn-server:1194 Wifi 192.168.3.0/24
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+
+ /etc/shorewall/zones
+
+ #ZONE IPSEC OPTIONS IN OUT
+# ONLY OPTIONS OPTIONS
+home ipv4 #Wired LAN at our home
+net ipv4
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
+
+
+
+
+ /etc/shorewall/interfaces
+
+ #ZONE INTERFACE BROADCAST OPTIONS
+#
+net eth0 detect routefilter,dhcp,tcpflags
+home tap0 192.168.1.255
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+
+
+
+
+ /etc/shorewall/policy
+
+ Since we don't expect any traffic between the net zone and the home zone, we use NONE policies for that
+ traffic. If any such traffic should occur, it will be handled
+ according to the all->all policy.
+
+ #SOURCE DEST POLICY LOG LIMIT:BURST
+# LEVEL
+fw net ACCEPT
+fw home ACCEPT
+home fw ACCEPT
+net home NONE
+home net NONE
+net all DROP info
+# The FOLLOWING POLICY MUST BE LAST
+all all REJECT info
+#LAST LINE -- DO NOT REMOVE
+
+
+
\ No newline at end of file