Hi,

hopefully, I'm allowed to ask about issues concerning tun devices from openvpn combined with SuSEfirewall2.

I'm trying to connect two cups servers via openvpn. For some reasons (old firewalls), I want to keep the tun devices, rather than adding tap devices because of the necessary bridging, which is missing the infrastructure in the firewalls.

If I'm not mistaken, it should be possible to forward UDP broadcasts via tun devices. In fact, I'm able to watch the broadcasts flying by in both directions, if I tcpdump the tun device, but for some reason, they're not appearing on the internal eth port, alas they are not forwarded into the local LAN, although I added tun0 to the internal devices, allowed broadcasts, cross forwarded the nets to each other, and added the usual openvpn tun device quirk to scripts/SuSEfirewall2-custom:

    FW_DEV_EXT="eth0"
    FW_DEV_INT="tun0 eth1"
    FW_FORWARD="172.16.23.0/24,172.16.24.0/24 172.16.24.0/24,172.16.23.0/24"
    FW_ALLOW_FW_BROADCAST_EXT="no"
    FW_ALLOW_FW_BROADCAST_INT="yes"
    FW_ALLOW_FW_BROADCAST_DMZ="no"
    FW_IGNORE_FW_BROADCAST_EXT="yes"
    FW_IGNORE_FW_BROADCAST_INT="no"
    FW_IGNORE_FW_BROADCAST_DMZ="yes"

scripts/SuSEfirewall2-custom:

    fw_custom_after_antispoofing() {
        iptables -A INPUT -i tun+ -j ACCEPT
        iptables -A OUTPUT -o tun+ -j ACCEPT
    }

Of course, other services do run fine on this vpn including nfs.

What am I missing here? I experimented with sticking the iptables commands into the other hooks, and also added these:

    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A FORWARD -o tun+ -j ACCEPT

but obviously my iptables fu is lacking... On Google, I couldn't find any more appealing ideas...

If somebody is listening here, and is able and willing to rescue me from this silly issue, I would be very grateful.

Thanks,
Pete