I have been reviewing the threads discussing VPN (specifically OpenVPN w/routing) and have read the on-line docs. Although I believe I have the VPN working, and working with Shorewall, I am certain I do not understand everything which I configured. I am running Shorewall 2.4.3.

Adding zone and new interface (tun+) is self-explanatory and makes sense.

To the tunnels file I added:

    openvpn:1194 inet

Does this allow the UDP connection from VPN client to VPN server? If so, could you just do this in a rule? What is special about the tunnels file?

I also added a rule for: from vpn zone to defined-zone using TCP on desired port. In my case, allowing SSH access from the VPN connection. If VPN connection is made and rule is in place, what is the purpose of the tunnels file?

Functionally everything appears to work. I am just wondering if I am missing something and I have left behind a security gap.