On 02/23/2016 02:48 AM, Norman Henderson wrote: > Hi, I'm running shorewall 4.5.21.6 on Ubuntu 14.04.1 on one system and > on 14.04.3 on another system. Working on some failover scenarios I > installed shorewall-init first using aptitude, then by hand (also > 4.5.21.6). Either way appeared to work fine. I configured > /etc/default/shorewall-init with PRODUCTS="shorewall" and IFUPDOWN=1. > > I have some openvpn tunnels that are providers i.e. have their own > routing tables and corresponding ip rules (route_rules). The problem is, > that if I run (e.g.) service openvpn stop tun5 - shorewall does not > reconfigure accordingly. That is to say, ifconfig tun5 reports Device > not found - however, ip rule still shows the rule corresponding to that > tunnel and ip route still shows the corresponding table. > > If I manually run shorewall restart, then the rule disappears and the > routing table is cleared. Also, /var/lib/shorewall/tun5.status toggles > from 0 to 1 only after the manual shorewall restart. Behavior is > analogous when I restart the tunnel - a manual "shorewall restart" is > needed before anything appears to change. > > What is interesting, is that if I do an ifdown eth0 or ifup eth0, > shorewall-init DOES reconfigure appropriately (a different provider and > different route_rules of course). But I can't use ifup or ifdown on an > openvpn tunnel, they don't appear in /etc/network/interfaces. > > What am I missing? Or is this simply unsupported, in which case I guess > I can put an explicit shorewall restart into the openvpn configs... >
You need to do a restart via OpenVPN -- Shorewall Init only handles interfaces that appear in /etc/network/interfaces and those managed by NetworkManager. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
