openSUSE Firewall issue

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
djm
OpenVpn Newbie
Posts: 6
Joined: Fri Aug 13, 2010 11:02 pm

openSUSE Firewall issue

Post by djm » Thu Nov 11, 2010 3:28 am

I have an openSUSE Linux OpenVPN server/client (server to some clients and also client to another server) all setup and working for some time. I recently wanted to add the ability of other computers on the LAN of the openSUSE box to be able to acces the remote OpenVPN server.

I have set up the ccd folder at the remote server, and added the route to the local gateway. If I turn off the openSUSE firewall everything works as expected.

But I cannot get the openSUSE firewall when on to allow the forwarding traffic. The Firewall log is:

Nov 11 11:47:29 harmony-server kernel: [280338.281117] SFW2-FWDint-DROP-DEFLT IN=eth1 OUT=tun3 SRC=192.168.51.1 DST=192.168.52.2 LEN=32 TOS=0x00 PREC=0x00 TTL=254 ID=21768 PROTO=ICMP TYPE=8 CODE=0 ID=24923 SEQ=0

tun3 is the OpenVPN network 10.8.52.0/24. This log was generated by an attempt to ping the computer 192.168.52.2 (which is the remote OpenVPN server - VPN IP is 10.8.52.1).

If instead I add a route on the local router to pass all 10.8.52.0/24 traffic to the Linux box and ping 10.8.52.1 then the firewall lets it through.

User avatar
krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: openSUSE Firewall issue

Post by krzee » Tue Nov 16, 2010 10:12 am

djm wrote:I recently wanted to add the ability of other computers on the LAN of the openSUSE box to be able to acces the remote OpenVPN server.
the lan is behind the server or client?
I have set up the ccd folder at the remote server, and added the route to the local gateway. If I turn off the openSUSE firewall everything works as expected.
ok... so you found that the firewall is your issue...
If instead I add a route on the local router to pass all 10.8.52.0/24 traffic to the Linux box and ping 10.8.52.1 then the firewall lets it through.
ok... and you may have found a workaround (not sure since your above nouns are rather vague)

is there a question regarding openvpn hidden in here?
sounds like you need support from people who support your firewall

Post Reply