z2-4 and z2-9 are on the same lan

• z2-4 /etc/init.d/openvpn stop server-4-from-9
• z2-4 mv /etc/openvpn/server-4-from-9.conf /etc/openvpn/server-4-from-9.conf.use-eth0
• z2-9 /etc/init.d/openvpn stop client-9-to-4
• z2-9 mv /etc/openvpn/client-9-to-4.conf /etc/openvpn/client-9-to-4.conf.use-eth0
• apt-get install vlan
• z2-4 /etc/network/interfaces

  iface eth0.3190 inet static
          address 10.1.4.9
          netmask 255.255.0.0
  

• z2-9 /etc/network/interfaces

  iface eth0.3190 inet static
          address 10.1.9.4
          netmask 255.255.0.0
  

• z2-4 & z2-9 activate interface

  ifup eth0.3190
  

• /etc/shorewall/interfaces add

  loc     eth0.3190       detect          dhcp,tcpflags,nosmurfs
  

• z2-4 & z2-9 restart shorewall

  shorewall restart ; sleep 30 && shorewall clear
  

• z2-4 & z2-9 /etc/quagga/ospfd.conf

   no passive-interface eth0.3190
  

• z2-4 & z2-9 /etc/init.d/quagga restart