class firewall::implementations::shorewall::openvpn {
  shorewall::zone { 'vpn':
    type  => 'ipv4',
    order => 4,
  }

  shorewall::interface { 'tun0':
    zone => 'vpn',
  }

  shorewall::policy { 'loc-vpn':
    sourcezone      => 'loc',
    destinationzone => 'vpn', 
    policy          => 'ACCEPT',
    order           => 20,
  }

  shorewall::policy { 'vpn-loc':
    sourcezone      => 'vpn',
    destinationzone => 'loc', 
    policy          => 'ACCEPT',
    order           => 21,
  }

  shorewall::policy { 'fw-vpn':
    sourcezone      => '$FW',
    destinationzone => 'vpn', 
    policy          => 'ACCEPT',
    order           => 22,
  }

  shorewall::tunnel { 'openvpn':
    tunnel_type => 'openvpnclient',
    zone        => 'net',
  }
}