vbargsten wrote:
> Hi suse-security,
> I'm running SUSE Linux 9.3 and have newly installed openvpn. I added the tun0 device to my internal devices in the config of susefirewall2. Everything now works correctly concerning openvpn. I only have one problem left: the tun0 device is created when openvpn starts, so if the firewall has already been started, I have to restart it to make it work. So should I make openvpn start before susefirewall2

Not if the network interfaces need to be brought up before the tunnel can be established. Starting the firewall after the VPN would leave you wide open until the VPN is up and running. Granted, it would only be for a short time at boot, but what if the VPN gets hung and takes a while to start? You are left without a firewall until the VPN finishes loading. If you had to restart the VPN without a reboot, you would have to manually restart the firewall as well.

> or should I call a restart of the firewall within the openvpn start script or are there other ideas?

IMO this is a much better choice. Better yet would be a reload as Carlos suggested. At any rate, bringing up network interfaces before the firewall is probably not a good idea.

Regards,
Andy

--
----------------------
Andy Smith
wasmith32@comcast.net
----------------------
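
The approach discussed above (reloading the firewall from the OpenVPN side once tun0 exists), sketched as an added example; it is not code from this thread or from either project. The script path, the `NET_SYSFS`, `FW_RELOAD_CMD` and `WAIT_SECS` variables, and the default reload command are assumptions to adapt to the local install.

```shell
#!/bin/sh
# Added example: OpenVPN "up" hook that re-applies the firewall rules after
# the tunnel device has been created. Wire it in with an "up" line in the
# OpenVPN config, e.g. "up /etc/openvpn/fw-reload.sh" (hypothetical path).
# OpenVPN passes the device name (e.g. tun0) as the first argument.
#
# Assumptions (not from the thread): the variables below and their defaults.
NET_SYSFS="${NET_SYSFS:-/sys/class/net}"                    # where interfaces are listed
FW_RELOAD_CMD="${FW_RELOAD_CMD:-/sbin/SuSEfirewall2 start}" # assumed rule re-apply command
WAIT_SECS="${WAIT_SECS:-5}"                                 # how long to wait for the device

reload_firewall_for_dev() {
    dev="$1"
    # Accept only plain interface names; never pass odd input into a path.
    case "$dev" in
        ""|.*|*[!A-Za-z0-9_.-]*)
            echo "refusing device name '$dev'" >&2
            return 2 ;;
    esac

    # The firewall stays up the whole time; we only wait for the new device
    # so that the reload actually sees it as an internal interface.
    waited=0
    while [ ! -e "$NET_SYSFS/$dev" ]; do
        if [ "$waited" -ge "$WAIT_SECS" ]; then
            echo "$dev did not appear within ${WAIT_SECS}s" >&2
            return 3
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Word splitting of FW_RELOAD_CMD is intended (command plus arguments).
    if ! $FW_RELOAD_CMD; then
        echo "firewall reload failed for $dev" >&2
        return 4
    fi
    return 0
}

# Run only when called as a hook, i.e. with a device name argument.
# A non-zero exit status is reported back to OpenVPN.
if [ -n "${1:-}" ]; then
    reload_firewall_for_dev "$1" || exit $?
fi
```

Because the firewall is started before the VPN and only reloaded from the hook, the host is never without rules while the tunnel is coming up, and a VPN restart re-applies them without manual steps.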