Fiaf and OpenVpn

Paul Bijnens email hidden
Wed Feb 13 10:27:39 CET 2008 

On 2008-02-12 20:32, Bernardo Pita wrote:
> Hi, I need to know if Fiaif work in a OpenVPN scenario !.

I use fiaif and openvpn.  And it works.

I'm using different versions like fiaif1.20.0 (oldest) 1.21.1 (newer)
and openvpn 1.0.9 on 6 different small computers (500-800Mhz, 128-256 Mbyte RAM)
running CentOS 4 and CentOS 5.
They interconnect 6 lan's, and 2 of the firewalls also accept
connections from roadwarriors.
Works very good.


> 
> I use fiaif 1.21.1 in a Debian box with two zones, one to internet and 
> the other to our private lan. Today we try to add a third zone with the 
> OpenVPN interface but when running appears an error (fiaif test say done).
> 
> fiaif.conf:
> ZONES="INT EXT VPN"
> CONF_INT=zone.int
> CONF_EXT=zone.ext
> CONF_VPN=zone.vpn
> 
> zone.vpn
> NAME=VPN
> DEV=tun0
> DYNAMIC=0 (we try with 1 to)

I have DYNAMIC=1 on the vpn zone.
I also have "DEV=tun+" to allow as well tun0 and tun1 on the firewalls
that run as openvpn client and as openvpn server at the same time.


> GLOBAL=0
> IP=10.10.10.1
> MASK=255.255.255.0
> NET=10.10.10.0/255.255.255.0
> BCAST=10.10.10.255
> 
> The error say this:
> 
> FIAIF ver. 1.21.1, by Anders Fugmann (C) 2002-2004
> Clearing all rules: Done.
> Configuring zone: INT EXT VPN
> iptables v1.3.8: unknown protocol `input_vpn' specified

Here is your error.
Somewhere in the zone.vpn is a rule that is resulting
in "iptables ... -p input_vpn ..."
Have a look in the file /tmp/fiaif.out.


> Try `iptables -h' or 'iptables --help' for more information.
> Error: iptables -t filter -A INPUT_VPN -p INPUT_VPN -s -j -d -j LOG_
> 
> ### *** FIAIF encountered errors ***
> ### 0 error(s) when testing zone configurations.
> ### 0 reference(s) to undefined zones.
> ### 0 error(s) in rule specifications.
> ### 1 iptables rule generation error(s).
> ### Please issue '/etc/init.d/fiaif test' and inspect /tmp/fiaif.out for 
> descriptions.
> Cleaning up rules: Done.



-- 
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens at xplanation.com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************

More information about the fiaif mailing list