Add 'openvpnclient' and 'openvpnserver' to the Open VPN doc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2574 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-08-27 21:47:09 +00:00
parent c457976d17
commit e6192d0bd3

View File

@ -21,7 +21,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-02-08</pubdate> <pubdate>2005-08-27</pubdate>
<copyright> <copyright>
<year>2003</year> <year>2003</year>
@ -254,6 +254,17 @@ road tun+</programlisting>
openvpn:1194 net 0.0.0.0/0</programlisting> openvpn:1194 net 0.0.0.0/0</programlisting>
</blockquote> </blockquote>
<para>If you are running Shorewall 2.4.3 or later, you might prefer the
following in <filename>/etc/shorewall/tunnels</filename> on system A.
Specifying the tunnel type as openvpnserver has the advantage that the VPN
connection will still work if the client is behind a gateway/firewall that
uses NAT.</para>
<blockquote>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
openvpnserver:1194 net 0.0.0.0/0</programlisting>
</blockquote>
<para>We want the remote systems to have access to the local LAN — we do <para>We want the remote systems to have access to the local LAN — we do
that with an entry in <filename>/etc/shorewall/policy</filename> (assume that with an entry in <filename>/etc/shorewall/policy</filename> (assume
that the local LAN comprises the zone <quote>loc</quote>).</para> that the local LAN comprises the zone <quote>loc</quote>).</para>
@ -326,6 +337,15 @@ home tun0</programlisting>
openvpn:1194 net 206.162.148.9</programlisting> openvpn:1194 net 206.162.148.9</programlisting>
</blockquote> </blockquote>
<para>Again in you are running Shorewall 2.4.3 or later, in
<filename>/etc/shorewall/tunnels</filename> on system B you might
prefer:</para>
<blockquote>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
openvpnclient:1194 net 206.162.148.9</programlisting>
</blockquote>
<para>We want the remote clien to have access to the local LAN — we do <para>We want the remote clien to have access to the local LAN — we do
that with an entry in <filename>/etc/shorewall/policy</filename>.</para> that with an entry in <filename>/etc/shorewall/policy</filename>.</para>