class firewall::openvpn {
  shorewall::zone { 'vpn':
    type  => 'ipv4',
    order => '4',
  }

  shorewall::interface { 'tun0':
    zone => 'vpn',
  }

  shorewall::policy { 'loc-vpn':
    sourcezone      => 'loc',
    destinationzone => 'vpn', 
    policy          => 'ACCEPT',
    order           => '20',
  }

  shorewall::policy { 'vpn-loc':
    sourcezone      => 'vpn',
    destinationzone => 'loc', 
    policy          => 'ACCEPT',
    order           => '21',
  }

  shorewall::policy { 'fw-vpn':
    sourcezone      => '$FW',
    destinationzone => 'vpn', 
    policy          => 'ACCEPT',
    order           => '22',
  }

  shorewall::tunnel { 'openvpn':
    tunnel_type => 'openvpnclient',
    zone        => 'net',
  }
}