starting from problem 2: the good
see github, tnx! bug fixed but some doubts:
while retrying the new packages I’ve noticed that Role VPN doesn’t exist if I install only openvpn… is that the normal behavior?
to replicate…
installed openvpn
configured and enabled 1 user (vpn only) + openvpn roadwarrior
create a zone ztest 192.168.101.0/24
trying to create new rule in firewall rule with source Role VPN but no Role VPN zone exists
reboot
check existence of Role VPN in Firewall Rule NO
installed IPsec VPN
now I have Role VPN
create new rule in firewall rule with source Role VPN, destination zone ztest: as expected BUG replicated
deleted rule
install new packages
create new rule in firewall rule with source Role VPN, destination zone ztest: new rule created correctly
problem 1: the bad
if you have done the steps of problem 2
in /etc/openvpn/host-to-net.conf
after the cert you will see something like:
…
push "dhcp-option NBT 2"
push "route 192.168.200.0 255.255.255.0"
…
now add a static route
recheck the /etc/openvpn/host-to-net.conf and now you have also the push of the static route:
problem 3: the ugly
in two of my tests I’ve updated a vm and a HP N36L installed with the first nDPI packages (and kernel 4.4.19)
update was ok (also new kernel 4.4.22-1.el7.elrepo.x86_64), but at boot it always starts the 4.4.19…
so I changed grub default to start with 4.4.2
on VM all ok
on HP crash at boot
I’ll do some other tests on HP… while listening to The Ecstasy of Gold
update:
following on “problem 2” test…
yes, the rule is created, but it seems to me that Role VPN creates a rule only for ipsec, so in /etc/shorewall/rule I have
Great! test in progress…
done… see github and tnx!
now openvpn is up and working as my old config on 6.8 and also ipsec is working with pfSense on the other side…
just one last doubt I didn’t note before as it’s not really a problem for me, but creating a rule from “Role VPN” will accept (or deny/etc) traffic from both ipsec and openvpn… wouldn’t it be better to split them?
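A way to check for the behaviour described under "problem 1" (added example, not part of the original posts and not NethServer code): list every network the OpenVPN server config pushes to clients and print the ones that are not on an expected list. The function names, the allowed list and the `10.99.0.0` static route in the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which routes an OpenVPN server config pushes to clients.

# sample_conf: constructed config fragment. The first two push lines are the
# ones quoted in the post; the 10.99.0.0 route is a made-up static route.
sample_conf() {
    cat <<'EOF'
# roadwarrior server (constructed sample)
push "dhcp-option NBT 2"
push "route 192.168.200.0 255.255.255.0"
push "route 10.99.0.0 255.255.255.0"
EOF
}

# pushed_routes FILE: print "network netmask" for every push "route ..." line.
pushed_routes() {
    awk '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        $1 == "push" && $2 == "\"route" {
            net = $3; mask = $4
            gsub(/"/, "", net); gsub(/"/, "", mask)
            if (mask == "") mask = "255.255.255.255"   # OpenVPN default netmask
            print net, mask
        }
    ' "$1"
}

# unexpected_routes FILE ALLOWED: ALLOWED is a newline-separated list of
# "network netmask" entries; prints every pushed route that is not on it.
unexpected_routes() {
    pushed_routes "$1" | while read -r net mask; do
        printf '%s\n' "$2" | grep -qxF "$net $mask" || echo "$net $mask"
    done
}

# Demo run on the constructed sample; on a real system pass
# /etc/openvpn/host-to-net.conf instead of the temporary file.
conf=$(mktemp)
sample_conf > "$conf"
unexpected_routes "$conf" "192.168.200.0 255.255.255.0"
rm -f "$conf"
```

Running it before and after adding a static route shows whether the route ended up in the set pushed to roadwarrior clients.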