
Re: [suse-security] openvpn and SuSEfirewall



Quoting "Kaiser, Hans" <r_2@xxxxxx>:

> Hello list,
>
> I'm using openvpn and SuSEfirewall. Openvpn is running fine, but my routing
> won't work.
> My local network (eth0) is 192.168.1.0/24
> My tunnel net    (tun1) is 192.168.2.0/24
>
> So I'm trying to route both nets, but for every protocol I get from the
> SuSEfirewall:
> SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250
> LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=2365
> SEQ=3
>
> [snip]
>
> FW_DEV_EXT="ppp0"
> FW_DEV_INT="eth0 tun1"

As I understand it, SuSE Firewall was designed with the intention of only
routing between Internal and External interfaces, not between two that are
Internal or two that are External.

So both eth0 and tun1 (shouldn't that be tun0?) should route out your ppp
connection, but not between each other.

What's the context of your environment?  Offhand, I don't know the necessary
changes to make those two route, perhaps someone else on the list does.

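The diagnosis in the reply above can be checked mechanically. The following is an added example, not part of the original messages or of SuSEfirewall itself: it maps interfaces to zones from the `FW_DEV_*` settings and lists forwarded drops whose IN and OUT interfaces fall in the same zone. The function names are hypothetical, and the sample input is constructed from the lines quoted in the thread plus one constructed line for contrast.

```python
import re

# Constructed sample input: the settings and drop line quoted in the thread,
# plus one constructed line (int -> ext) that must NOT be reported.
SYSCONFIG = 'FW_DEV_EXT="ppp0"\nFW_DEV_INT="eth0 tun1"\n'
LOG = (
    "SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=2365 SEQ=3\n"
    "SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=ppp0 SRC=192.168.2.1 DST=203.0.113.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9 DF PROTO=TCP SPT=40000 DPT=80\n"
)

def zone_map(sysconfig):
    """Map interface name -> zone (ext/int/dmz) from FW_DEV_* assignments."""
    zones = {}
    for m in re.finditer(r'^FW_DEV_(EXT|INT|DMZ)="([^"]*)"', sysconfig, re.M):
        for dev in m.group(2).split():
            zones[dev] = m.group(1).lower()
    return zones

def parse_drop(line):
    """Return (prefix, fields) for an SFW2 log line, or None if it is not one."""
    m = re.search(r'\b(SFW2-\S+)\s+(.*)', line)
    if not m:
        return None
    fields = {}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep and key not in fields:  # keep the first ID= (IP header), not the ICMP one
            fields[key] = val
    return m.group(1), fields

def same_zone_forward_drops(log, zones):
    """List forwarded drops whose IN and OUT interfaces sit in the same zone."""
    hits = []
    for line in log.splitlines():
        parsed = parse_drop(line)
        if not parsed or "-FWD" not in parsed[0]:
            continue  # not a firewall line, or not a forwarded packet
        f = parsed[1]
        zin, zout = zones.get(f.get("IN")), zones.get(f.get("OUT"))
        if zin is not None and zin == zout:
            hits.append((f["IN"], f["OUT"], zin, f.get("SRC"), f.get("DST"), f.get("PROTO")))
    return hits

if __name__ == "__main__":
    for hit in same_zone_forward_drops(LOG, zone_map(SYSCONFIG)):
        print("%s -> %s (both %s): %s -> %s %s" % hit)
```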