Also in the Firewall Tab:

_x_ Allow OpenVPN Server tunnel to the [ 1st LAN Interface ]

Check this (assuming 192.168.1.0/24 is the 1st LAN interface)

This is what Darrick was referring to.

Lonnie

On Oct 7, 2011, at 8:58 AM, David Kerr wrote:

> Yes it is my firewall. I have set the following in the firewall...
>
> Pass EXT->LAN TCP/UDP 10.8.0.0/24
> Destination: 192.168.1.0/24 0–65535
> + Pass EXT->Local TCP/UDP 0/0 1194
> Comment: OpenVPN
>
>
> On Fri, Oct 7, 2011 at 9:53 AM, Darrick Hartman <dhart...@djhsolutions.com> wrote:
> David,
>
> Is the AstLinux box your firewall at home? If not, you'll need to create a
> route on that device for the openvpn subnet.
>
> If it IS the firewall, you'll have to go into the firewall tab and allow
> openvpn traffic to whatever local nets you want it to reach.
>
> (sorry for the top-reply).
>
> Darrick
>
> From: David Kerr [da...@kerr.net]
> Sent: Friday, October 07, 2011 8:49 AM
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] VPN config
>
> On Thu, Oct 6, 2011 at 3:01 PM, Michael Keuter <li...@mksolutions.info> wrote:
>
> You need to enable the pptp-vpn Firewall-Plugin, and if it's not the router,
> you need to forward GRE and TCP 1723 to it.
>
> That firewall plugin states that it is automatically enabled when PPTP is
> enabled, and indeed it seems to be. The firewall problem is at the client
> side where I am behind a firewall I have no control on.
>
> In OpenVPN server, you can leave the default settings, I added in the "push"
> box "route 192.168.xx.0 255.255.255.0" for my internal network.
>
> You need to use certificates. Create one for your user, then you can download
> it. Create a new configuration in Viscosity and in Authentication set it to
> SSL/TLS Client and import the CA, crt and key from your download.
>
> You need to be on another network range to be able to test it!
>
> Okay, have made progress with OpenVPN. Got the certificates all set up.
> Configured Viscosity client and it failed to connect. Decided to open
> EXT->Local for port 1194 in the Astlinux firewall and then it connected. I
> can ping 192.168.1.1 (my Astlinux box). However I cannot get to anything
> else inside my network, no 192.168.1.xx. No ping, no http. Is there
> anything else I have to do at my firewall or at the viscosity client side? I
> do have "route 192.168.1.0 255.255.255.0" in the push field on the server.
>
> Thanks,
> David

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
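Added example, not part of the original thread or of AstLinux: a small Python check that walks through the three conditions the thread raises for reaching a LAN host over OpenVPN (a pushed route covering the host, a client network that does not overlap that route, and a firewall rule that forwards tunnel traffic to the LAN). The rule tuples and the interface labels `ext` and `tun` are a simplified model assumed for illustration, not AstLinux firewall syntax; the subnets are the ones quoted in the thread.

```python
import ipaddress

# Subnets quoted in the thread: OpenVPN tunnel pool and the 1st LAN interface.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def parse_push_route(directive):
    """Turn a push-box entry 'route 192.168.1.0 255.255.255.0' into a network."""
    keyword, addr, mask = directive.split()
    if keyword != "route":
        raise ValueError("not a route directive: %r" % directive)
    return ipaddress.ip_network("%s/%s" % (addr, mask))


def diagnose(target, client_lan, push_routes, forward_rules):
    """Return the reasons a connected VPN client cannot reach `target`.

    forward_rules holds (in_iface, source_net, dest_net) tuples the firewall
    accepts for forwarded traffic. Assumption of this model: decrypted VPN
    packets enter on the tunnel interface ("tun"), not the external one.
    """
    target = ipaddress.ip_address(target)
    client_lan = ipaddress.ip_network(client_lan)
    problems = []

    routes = [parse_push_route(r) for r in push_routes]
    covering = [r for r in routes if target in r]
    if not covering:
        problems.append("no pushed route covers the target")
    # If the client sits on the same range, it treats the target as local.
    if any(r.overlaps(client_lan) for r in covering):
        problems.append("client LAN overlaps the pushed route")

    allowed = any(
        iface == "tun"
        and VPN_NET.subnet_of(ipaddress.ip_network(src))
        and target in ipaddress.ip_network(dst)
        for iface, src, dst in forward_rules
    )
    if not allowed:
        problems.append("no tunnel-to-LAN forward rule matches")
    return problems
```

An empty list means all three conditions hold in the model; a rule attached to `ext` alone still reports the missing tunnel-to-LAN forward.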