Hi suse-security,

I'm running SUSE Linux 9.3 and have newly installed openvpn. I added the tun0 device to my internal devices in the config of SuSEfirewall2. Everything now works correctly concerning openvpn. I only have one problem left: the tun0 device is created when openvpn starts, so if the firewall has already been started, I have to restart it to make it work. So should I make openvpn start before SuSEfirewall2, or should I call a restart of the firewall within the openvpn start script, or are there other ideas?

--
Kind regards,
vbargsten
mailto:beer@freakmail.de

The Thursday 2006-09-21 at 18:09 +0200, vbargsten wrote:

> work. So should I make openvpn start before SuSEfirewall2, or should I call a restart of the firewall within the openvpn start script, or are there other ideas?

Probably a reload would work, and faster. Try "SuSEfirewall2" alone.

--
Cheers,
Carlos E. R.

vbargsten wrote:

> Hi suse-security,
>
> I'm running SUSE Linux 9.3 and have newly installed openvpn. I added the tun0 device to my internal devices in the config of SuSEfirewall2. Everything now works correctly concerning openvpn. I only have one problem left: the tun0 device is created when openvpn starts, so if the firewall has already been started, I have to restart it to make it work. So should I make openvpn start before SuSEfirewall2

Not if the network interfaces need to be brought up before the tunnel can be established. Starting the firewall after the vpn would leave you wide open until the vpn is up and running. Granted, it would only be for a short time at boot, but what if the vpn gets hung and takes a while to start? You are left without a firewall until the vpn finishes loading. If you had to restart the vpn without a reboot, you would have to manually restart the firewall as well.

> or should I call a restart of the firewall within the openvpn start script, or are there other ideas?

IMO this is a much better choice. Better yet would be a reload, as Carlos suggested. At any rate, bringing up network interfaces before the firewall is probably not a good idea.

Regards,
Andy

--
Andy Smith
wasmith32@comcast.net
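
The reload-from-OpenVPN approach discussed in this thread, sketched as an added example (not code from any of the posters or from the SuSEfirewall2 or OpenVPN projects). It assumes the script is referenced by an `up` line in the OpenVPN config, that OpenVPN passes the tunnel device name as the first argument, and that the internal devices are listed in `FW_DEV_INT` in `/etc/sysconfig/SuSEfirewall2`; the script path, function names and the `FW_CONFIG`/`FW_RELOAD` override variables are hypothetical.

```shell
#!/bin/sh
# Hypothetical OpenVPN "up" hook, e.g.:  up /etc/openvpn/fw-reload.sh
# Assumption: OpenVPN passes the tunnel device (tun0) as the first argument.

# Both settings can be overridden from the environment (used for testing).
FW_CONFIG="${FW_CONFIG:-/etc/sysconfig/SuSEfirewall2}"
FW_RELOAD="${FW_RELOAD:-SuSEfirewall2}"   # called alone, as suggested in the thread

# Succeeds only if device $1 is listed in FW_DEV_INT of sysconfig file $2.
# The file is sourced in a subshell so its variables do not leak into the hook.
dev_is_internal() {
    devs=$( . "$2" >/dev/null 2>&1 && printf '%s' "$FW_DEV_INT" ) || return 1
    for d in $devs; do
        [ "$d" = "$1" ] && return 0
    done
    return 1
}

# Reload the firewall rules for a newly created tunnel device.
# Returns 0 after a successful reload, 2 if the device is not configured
# as internal (rules left untouched), 3 if the reload command failed.
fw_reload_for_dev() {
    if ! dev_is_internal "$1" "$FW_CONFIG"; then
        echo "fw-reload: $1 not in FW_DEV_INT, firewall left unchanged" >&2
        return 2
    fi
    $FW_RELOAD || return 3
}

# Act only when called with a device argument, as OpenVPN does.
if [ -n "${1:-}" ]; then
    fw_reload_for_dev "$1"
fi
```

Because the firewall is already running at boot and is only reloaded once the tunnel device exists, there is no window in which the interfaces are up without rules, which is the concern raised about starting openvpn first.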