Strange problem with OpenVPN 2.2.1 and SuSE firewall

hi
recently I have run into a problem with openvpn and the SuSE firewall...

it is like this...
I have a PC with openSUSE 11.2 acting as my home router
and openvpn installed so I can work from outside home if needed...

the problem is when my DSL renews its IP
so if my connection fails I have a script in cron that until today was working like a charm
this script checks the connection minute by minute and if the DSL is down
it restarts openvpn and the network interfaces
I have made a custom string match for tun0 in yast → firewall → network interfaces and assigned it to the internal network zone...

the problem is that some services like apache have their ports blocked every time the connection goes down and up...
I have tried watching /var/log/firewall and /var/log/messages and nothing appears...

to solve this situation I have 2 methods... one is to stop the firewall and start it again and the services will be working again inside the openvpn; the other is to stop and start openvpn again...

sometimes restarting openvpn does not fix the problem; I must go into yast → firewall and do stop/start, that is the only way...

so I am thinking that the problem could be iptables...

now I have added to the script that restarts the network interfaces and the vpn a sleep of 3, 6, 10 seconds, because I thought the problem was the services restarting... but no, the problem still happens...

another strange thing: when I run yast → firewall and yast shows me the log of what it is going to write to iptables, I see in it that tun0 is in an unknown zone, but I have the custom string assigning tun0 to the internal network
and it is working, because after this annoying situation, when I restart openvpn or stop and start the SuSE firewall,
all the traffic is permitted, so I think the custom string is in the right place...
and I have removed the string just to check, and if I do that I can't pass any traffic, so the custom string applying tun0 to the internal network is working...

any ideas or tips??

Thanks

Openvpn creates its own firewall rules. Maybe this interferes with the openSUSE firewall. Check how iptables looks when it's working and when it's not. I think there is a guide on how to disable openvpn adding its own firewall rules. Another option might be to disable the openSUSE firewall.

Best regards,
Greg

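Greg's suggestion, "check how iptables looks when it's working and when it's not", turned into a small script. This is an added example for this thread, not code from either poster. It assumes `iptables-save` is in PATH and that `$SNAPDIR` is writable (both only needed for `snapshot`); the rule set shown in the usage is constructed for illustration and the chain names in it are not taken from any real SuSEfirewall2 output. The idea: take one snapshot right after the cron script has recovered the link (the "blocked" state), take another after the firewall stop/start that makes things work again, and list the rules that exist only in the working snapshot. The rules that mention `tun0` are the first thing to look at: if they appear only in the working snapshot, the rule set is being built while `tun0` does not yet exist, which would match the "unknown zone" message in yast, and reloading the firewall once openvpn has brought `tun0` up is the fix to try.

```shell
#!/bin/sh
# fwdiff.sh: compare the live iptables rule set between a state where the
# services over the VPN answer and one where they are "blocked".
# Added example for this thread; not code from any of the posters.
# Assumes: iptables-save in PATH and a writable $SNAPDIR (only for `snapshot`).

SNAPDIR=${SNAPDIR:-/var/tmp/fwsnap}

# normalize [FILE]: strip what differs between two otherwise identical dumps,
# the "# Generated by ..." comment lines and the leading [packets:bytes] counters.
# Reads stdin when no FILE is given.
normalize() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*\] *//' "$@"
}

# snapshot NAME: store the current rule set as $SNAPDIR/NAME.rules
snapshot() {
    mkdir -p "$SNAPDIR"
    iptables-save | normalize > "$SNAPDIR/$1.rules"
}

# missing_rules WORKING BROKEN: print rules present in WORKING but absent
# from BROKEN. These are the rules that vanished when the link flapped.
missing_rules() {
    fw_w=$(mktemp) && fw_b=$(mktemp) || return 1
    normalize "$1" > "$fw_w"
    normalize "$2" > "$fw_b"
    # -v -x -F -f: lines of the working dump that match no line of the broken
    # dump exactly. grep exits 1 when nothing is missing; that is not an error.
    grep -v -x -F -f "$fw_b" "$fw_w" || :
    rm -f "$fw_w" "$fw_b"
}

# iface_rules FILE IFACE: every rule that names IFACE (e.g. tun0) as input or
# output interface, so you can see which zone chain, if any, it is jumped to.
iface_rules() {
    normalize "$1" | grep -e "-i $2" -e "-o $2" || :
}

# Command-line use:
#   fwdiff.sh snapshot broken     # right after the cron script restored the link
#   fwdiff.sh snapshot working    # after the firewall stop/start that fixes it
#   fwdiff.sh diff working broken # rules that exist only while it works
#   fwdiff.sh iface broken tun0   # does the broken rule set know tun0 at all?
if [ $# -gt 0 ]; then
    case "$1" in
        snapshot) snapshot "$2" ;;
        diff)     missing_rules "$SNAPDIR/$2.rules" "$SNAPDIR/$3.rules" ;;
        iface)    iface_rules "$SNAPDIR/$2.rules" "$3" ;;
        *) echo "usage: $0 snapshot NAME | diff WORKING BROKEN | iface NAME IFACE" >&2
           exit 1 ;;
    esac
fi
```

The counters and timestamps are stripped on purpose: without that, every snapshot differs from every other and the diff is useless. Rule order is kept as `iptables-save` prints it, so a rule that merely moved will also show up; that is still worth seeing, since order matters for iptables. Keep the "working" snapshot around and re-run the diff each time the cron script fires, so you catch the rule set in the broken state without having to reproduce the DSL drop by hand.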
hi
thanks for the reply...

I can't disable the SuSE firewall... because this PC is the router and I need masquerading... because of the FW...

Now you say to look at iptables before and after running openvpn? -> no, that makes no sense, because look at this example

if I reboot the PC now:

start the computer OS, wait... start DSL and apache for example and openvpn...
all ok

now:
I try to connect from outside with a 3G pen for example and all ok...
connect by ssh -> all ok...

now: to simulate this problem I do:
I restart my network interfaces...
ok. So now I am out; wait for 2 minutes and the script will bring my connection up again

now: I have /var/log/messages and firewall open in one screen and watch, and nothing abnormal...

so my connection is up now; I try to connect again and I succeed (I am talking about my other PC from outside with the 3G pen...)
but now if I want to open port 21 or 8080 or 82828 I can't, and all the services running on the PC are blocked inside
when I say inside, I mean over the vpn, because if I try to look on the computer that has the openvpn server installed everything works well
if I do for example http://127.0.0.1:8282 ok or 192.168.1.1:8282 ...ok

now: back to the PC that gets in from outside (3G)
I run yast -> firewall -> start and stop and do http://10.8.0.1:8282 and it's ok...

see my dilemma...