path: root/README.md
diff options
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2019-07-22 13:12:39 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2019-07-22 13:17:22 +0300
commit7c22d6f6e9d7430cde6f2ff985de6ab25e9db797 (patch)
tree960e4e1695094b2eb9904fae930db2352c4271db /README.md
parent7e694929d0faeb54ea56f644177b20def70c57f8 (diff)
README: insert warning on firewall
Diffstat (limited to 'README.md')
1 files changed, 12 insertions, 3 deletions
diff --git a/README.md b/README.md
index d0a412e..97c8c62 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,15 @@ rc-service lighttpd start
## Setting Up a Hub
+*Warning*: This procedure will automatically set up the `iptables` firewall
+using `awall`. If you require any additional rules, such as allowing SSH access
+to the host, you should configure those first. The easiest way to do so is to
+use the `setup-firewall` utility:
+<pre>apk add awall-policies
Install the `dmvpn` package on the host to be configured as a DMVPN hub. It is
assumed that the network configuration of the host is already in place.
@@ -130,9 +139,9 @@ maximum length should be given.
<pre>setup-dmvpn &lt;pfx file&gt;
-The hub is now operational. The tool sets up the `iptables` firewall
-automatically using `awall`. Firewall for IPv6 (`ip6tables`) is set up only if
-IPv6 addresses are defined for the VPN.
+The hub is now operational and its firewall has been set up. Firewall for IPv6
+(`ip6tables`) is set up by `setup-dmvpn` only if IPv6 addresses are defined for
+the VPN. (`setup-firewall` sets it up if IPv6 is enabled in the kernel.)
Due to an unresolved issue, you may have to reboot the host if VPN tunnels are
not established within a reasonable time.