From e6192d0bd34720a941025496a10b9ba1172cf932 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 27 Aug 2005 21:47:09 +0000 Subject: [PATCH] Add 'openvpnclient' and 'openvpnserver' to the Open VPN doc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2574 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/OPENVPN.xml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml index 6013d9247..bded714e7 100644 --- a/Shorewall-docs2/OPENVPN.xml +++ b/Shorewall-docs2/OPENVPN.xml @@ -21,7 +21,7 @@ - 2005-02-08 + 2005-08-27 2003 @@ -254,6 +254,17 @@ road tun+ openvpn:1194 net 0.0.0.0/0 + If you are running Shorewall 2.4.3 or later, you might prefer the + following in /etc/shorewall/tunnels on system A. + Specifying the tunnel type as openvpnserver has the advantage that the VPN + connection will still work if the client is behind a gateway/firewall that + uses NAT. + +
+ #TYPE ZONE GATEWAY GATEWAY ZONE +openvpnserver:1194 net 0.0.0.0/0 +
+ We want the remote systems to have access to the local LAN — we do that with an entry in /etc/shorewall/policy (assume that the local LAN comprises the zone loc). @@ -326,6 +337,15 @@ home tun0 openvpn:1194 net 206.162.148.9 + Again in you are running Shorewall 2.4.3 or later, in + /etc/shorewall/tunnels on system B you might + prefer: + +
+ #TYPE ZONE GATEWAY GATEWAY ZONE +openvpnclient:1194 net 206.162.148.9 +
+ We want the remote clien to have access to the local LAN — we do that with an entry in /etc/shorewall/policy.