I think I am following all the docs and forum post suggestions but I just can't seem to get site to site OpenVPN connections to work. I have a feeling I'm missing something obvious (or doing something really stupid).
Here is my test setup - four machines...

System A
- Ubuntu 7-10
- IP: 192.168.2.2
- Gateway: 192.168.2.1

System B
- eBox 0.11.99
- Int IP: 192.168.2.1
- Ext IP: 192.168.4.2
- DHCP running - serving: 192.168.2.2 - 192.168.2.10
- OpenVPN service running and active
- CA established - certificates generated for self and system C
- VPN network address: 192.168.3.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.2.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.2)

System C
- eBox 0.11.99
- Ext IP: 192.168.4.3
- Int IP: 192.168.5.1
- DHCP running - serving: 192.168.5.2 - 192.168.5.10
- OpenVPN service running and active
- OpenVPN client config
- OpenVPN server address: 192.168.4.2
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system B
- Client certificate set to that generated from system B
- Client private key set to that generated from system B

System D
- Ubuntu 7-10
- IP: 192.168.5.2
- Gateway: 192.168.5.1

In the OpenVPN logs on system B I get

    Event: Client connection initiated
    Daemon: SystemB
    Type: server
    Remote IP: 192.168.4.3
    Remote Certificate: systemc.testdomain.net

- System A can ping 192.168.2.1 (eBox B int)
- System A can ping 192.168.4.2 (eBox B ext)
- System A can ping 192.168.4.3 (eBox C ext)
- System A cannot ping 192.168.5.1 (eBox C int) (Destination Host Unreachable)
- System A cannot ping 192.168.5.2 (System D) (Destination Host Unreachable)

- System D can ping 192.168.5.1 (eBox C int)
- System D can ping 192.168.4.3 (eBox C ext)
- System D can ping 192.168.4.2 (eBox B ext)
- System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
- System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)

There are no firewall rules set in any section.
- Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.2.0/24?
- Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.3.0/24?
- Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.5.0/24?
- Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.5.0/24?
- Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.2.0/24?
- Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.3.0/24?

Everything seems like it should work - but it doesn't. Any suggestions would be greatly appreciated.

If I can get this to work - if there is a way, I would like to volunteer to help improve the documentation - particularly the section on OpenVPN and CA. The documentation doesn't appear to be set up as a wiki so not sure how to submit changes or updates.

Thanks,
Eric

Eric Baenen
[EMAIL PROTECTED]
www.baenen.com
www.washingtoncreek.com
