Hi, I'm running shorewall 4.5.21.6 on Ubuntu 14.04.1 on one system and on
14.04.3 on another system. Working on some failover scenarios I installed
shorewall-init first using aptitude, then by hand (also 4.5.21.6). Either
way appeared to work fine. I configured /etc/default/shorewall-init with
PRODUCTS="shorewall" and IFUPDOWN=1.

I have some openvpn tunnels that are providers, i.e. they have their own routing
tables and corresponding ip rules (route_rules). The problem is that if I
run (e.g.) service openvpn stop tun5, shorewall does not reconfigure
accordingly. That is to say, ifconfig tun5 reports Device not found -
however, ip rule still shows the rule corresponding to that tunnel and ip
route still shows the corresponding table.

If I manually run shorewall restart, then the rule disappears and the
routing table is cleared.  Also, /var/lib/shorewall/tun5.status toggles
from 0 to 1 only after the manual shorewall restart. Behavior is analogous
when I restart the tunnel - a manual "shorewall restart" is needed before
anything appears to change.

What is interesting is that if I do an ifdown eth0 or ifup eth0,
shorewall-init DOES reconfigure appropriately (a different provider and
different route_rules of course). But I can't use ifup or ifdown on an
openvpn tunnel, they don't appear in /etc/network/interfaces.

What am I missing? Or is this simply unsupported, in which case I guess I
can put an explicit shorewall restart into the openvpn configs...

Thanks in advance!
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users