From 5efcf21b43a53748f839ea3d1ac4f140d6b07d98 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 12 Oct 2005 15:25:01 +0000
Subject: [PATCH] Add more config info for OpenVPN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2859 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
Shorewall-docs2/OPENVPN.xml | 110 +++++++++++++++++++++++++++---------
1 file changed, 82 insertions(+), 28 deletions(-)
diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml
index 74c90ee84..d3f6cc280 100644
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@@ -21,7 +21,7 @@
- 2005-09-30 + 2005-10-12 2003
@@ -290,30 +290,30 @@ road loc ACCEPT dev tun server 192.168.2.0 255.255.255.0 - + dh dh1024.pem - + ca /etc/certs/cacert.pem - + crl-verify /etc/certs/crl.pem - + cert /etc/certs/SystemA.pem key /etc/certs/SystemA_key.pem - + port 1194 - + comp-lzo - + user nobody - + group nogroup - + ping 15 ping-restart 45 ping-timer-rem persist-tun persist-key - + verb 3
@@ -371,28 +371,28 @@ $FW home ACCEPT dev tun remote 206.162.148.9 up /etc/openvpn/home.up - + tls-client pull - + ca /etc/certs/cacert.pem cert /etc/certs/SystemB.pem key /etc/certs/SystemB_key.pem - + port 1194 - + user nobody group nogroup - + comp-lzo - + ping 15 ping-restart 45 ping-timer-rem persist-tun persist-key - + verb 3
@@ -564,28 +564,82 @@ verb 3 url="SimpleBridge.html">Simple Bridge documentation.
- /etc/shorewall/interfaces + Firewall - Note that the bridge (br0) is defined as the interface to the - local zone and has the routeback - option. +
+ /etc/shorewall/interfaces - #ZONE INTERFACE BROADCAST OPTIONS + Note that the bridge (br0) is defined as the interface to the + local zone and has the routeback + option. + + #ZONE INTERFACE BROADCAST OPTIONS net eth2 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs loc br0 192.168.1.255 dhcp,routeback dmz eth1 - logmartians Wifi eth0 192.168.3.255 dhcp,maclist #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +
+ +
+ /etc/shorewall/tunnels + + #TYPE ZONE GATEWAY GATEWAY +# ZONE +openvpnserver:1194 Wifi 192.168.3.0/24 +#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +
- /etc/shorewall/tunnels + Tipper - #TYPE ZONE GATEWAY GATEWAY -# ZONE -openvpn-server:1194 Wifi 192.168.3.0/24 -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +
+ /etc/shorewall/zones + + #ZONE IPSEC OPTIONS IN OUT +# ONLY OPTIONS OPTIONS +home ipv4 #Wired LAN at our home +net ipv4 +#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE + +
+ +
+ /etc/shorewall/interfaces + + #ZONE INTERFACE BROADCAST OPTIONS +# +net eth0 detect routefilter,dhcp,tcpflags +home tap0 192.168.1.255 +#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE + +
+ +
+ /etc/shorewall/policy + + Since we don't expect any traffic between the net zone and the home zone, we use NONE policies for that + traffic. If any such traffic should occur, it will be handled + according to the all->all policy. + + #SOURCE DEST POLICY LOG LIMIT:BURST +# LEVEL +fw net ACCEPT +fw home ACCEPT +home fw ACCEPT +net home NONE +home net NONE +net all DROP info +# The FOLLOWING POLICY MUST BE LAST +all all REJECT info +#LAST LINE -- DO NOT REMOVE + +
+
\ No newline at end of file