We have a location where we need remote access through a firewall to the LAN behind the firewall. For this purpose we configured a Gentoo machine with Shorewall and OpenVPN. The tap0 and eth0 interfaces are placed together in a bridge, and this way a VPN client has access to the LAN behind the firewall. It has worked excellently for quite some time.
Now we wanted the same functionality at another location, so we duplicated the solution. But there was no way we could get the bridging to work. After some testing it became clear that the problem was with Shorewall, yet we had exactly the same configuration as at the other location.
Finally Martijn discovered the only difference between the two firewalls: the working one ran kernel 2.6.16 and the new one 2.6.24. After some more Googling, the following statement was found on the Shorewall site:
Warning
SUPPORT FOR BRIDGING AS DESCRIBED IN THIS ARTICLE IS DISCONTINUED IN LINUX KERNEL 2.6.20. The underlying Netfilter features that Shorewall Bridge/Firewall support relies on were removed from Netfilter and it is no longer possible to define Shorewall zones in terms of physical bridge ports.
In another article, I describe how to configure a bridge/firewall which will work with kernel 2.6.20 and later versions.
After that it was a matter of following the instructions in the mentioned article, and we had a running bridged VPN.