hi!

I did a site-to-site test and it works fine. The only difference between my configuration and yours is that:

1) I configured system B as an OpenVPN server and as an OpenVPN client of system C.

2) I configured system C as an OpenVPN server and as an OpenVPN client of system B.


Eric Baenen wrote:
I think I am following all the docs and forum post suggestions but I just can't seem to get site to site OpenVPN connections to work. I have a feeling I'm missing something obvious (or doing something really stupid).

Here is my test setup - four machines...

System A
- Ubuntu 7-10
- IP: 192.168.2.2
- Gateway: 192.168.2.1

System B
- eBox 0.11.99
- Int IP: 192.168.2.1
- Ext IP: 192.168.4.2
- DHCP running - serving: 192.168.2.2 - 192.168.2.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system C
- VPN network address: 192.168.3.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.2.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.2)

System C
- eBox 0.11.99
- Ext IP: 192.168.4.3
- Int IP: 192.168.5.1
- DHCP running - serving: 192.168.5.2 - 192.168.5.10
- OpenVPN service running and active
- OpenVPN client config
- OpenVPN server address: 192.168.4.2
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system B
- Client certificate set to that generated from system B
- Client private key set to that generated from system B

System D
- Ubuntu 7-10
- IP: 192.168.5.2
- Gateway: 192.168.5.1

In the OpenVPN logs on system B I get
Event: Client connection initiated
Daemon: SystemB
Type: server
Remote IP: 192.168.4.3
Remote Certificate: systemc.testdomain.net

System A can ping 192.168.2.1 (eBox B int)
System A can ping 192.168.4.2 (eBox B ext)
System A can ping 192.168.4.3 (eBox C ext)
System A cannot ping 192.168.5.1 (eBox C int) (Destination Host Unreachable)
System A cannot ping 192.168.5.2 (System D) (Destination Host Unreachable)

System D can ping 192.168.5.1 (eBox C int)
System D can ping 192.168.4.3 (eBox C ext)
System D can ping 192.168.4.2 (eBox B ext)
System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)

There are no firewall rules set in any section.

Do I need to create a firewall rule:
- on eBox B to allow traffic from 192.168.3.0/24 to 192.168.2.0/24?
- on eBox B to allow traffic from 192.168.2.0/24 to 192.168.3.0/24?
- on eBox B to allow traffic from 192.168.2.0/24 to 192.168.5.0/24?
- on eBox B to allow traffic from 192.168.3.0/24 to 192.168.5.0/24?
- on eBox C to allow traffic from 192.168.5.0/24 to 192.168.2.0/24?
- on eBox C to allow traffic from 192.168.5.0/24 to 192.168.3.0/24?

Everything seems like it should work - but it doesn't. Any suggestions would be greatly appreciated.

If I can get this to work - if there is a way, I would like to volunteer to help improve the documentation - particularly the section on OpenVPN and CA. The documentation doesn't appear to be set up as a wiki so not sure how to submit changes or updates.

Thanks,

Eric


Eric Baenen
[EMAIL PROTECTED]
www.baenen.com
www.washingtoncreek.com



_______________________________________________
Ebox-user mailing list
[email protected]
https://lists.warp.es/mailman/listinfo/ebox-user


--
Kevin Josue Zambrano Chavez
Linux Counter #395394 -> http://counter.li.org/
If the basis of society is helping others, why say no to the freedom to modify and share software? (Richard Stallman)
Imagination is more important than knowledge (Albert Einstein)
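An added example, not from the thread and not eBox's or OpenVPN's own code: a small Python model of the routed paths between the two LANs in the lab above. It walks a ping hop by hop (echo request one way, echo reply back) against each node's routing table and reports the first hop that has no route. The LAN and VPN network addresses come from the thread; the tunnel endpoint addresses 192.168.3.1 and 192.168.3.2, the interface names and every routing table are assumptions, and the model ignores NAT and upstream default gateways, so only the LAN-to-LAN paths are meaningful. It illustrates the general requirement of a routed site-to-site tunnel: each gateway needs a route to the other side's LAN through the tunnel, and the reply path needs one too. Comparing the model against the real `ip route` output on each eBox is the check to make before adding firewall rules.

```python
import copy
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next-hop or None when the prefix is directly on-link, interface).
Route = Tuple[str, Optional[str], str]

# Constructed lab modelled on the thread's four systems. Addresses of the LANs
# (192.168.2.0/24, 192.168.5.0/24), the link between the eBoxes (192.168.4.0/24)
# and the VPN network (192.168.3.0/24) are from the thread; the tunnel endpoint
# addresses, interface names and all routing tables are ASSUMED for illustration.
NODES: Dict[str, Dict] = {
    "A": {"addrs": {"192.168.2.2"},
          "routes": [("192.168.2.0/24", None, "eth0"),
                     ("0.0.0.0/0", "192.168.2.1", "eth0")]},
    "B": {"addrs": {"192.168.2.1", "192.168.4.2", "192.168.3.1"},
          "routes": [("192.168.2.0/24", None, "eth0"),
                     ("192.168.4.0/24", None, "eth1"),
                     ("192.168.3.0/24", None, "tun0")]},
    "C": {"addrs": {"192.168.5.1", "192.168.4.3", "192.168.3.2"},
          "routes": [("192.168.5.0/24", None, "eth0"),
                     ("192.168.4.0/24", None, "eth1"),
                     ("192.168.3.0/24", None, "tun0")]},
    "D": {"addrs": {"192.168.5.2"},
          "routes": [("192.168.5.0/24", None, "eth0"),
                     ("0.0.0.0/0", "192.168.5.1", "eth0")]},
}


def owner(nodes: Dict[str, Dict], ip: str) -> Optional[str]:
    """Name of the node that holds this address, or None if nobody does."""
    for name, node in nodes.items():
        if ip in node["addrs"]:
            return name
    return None


def lookup(routes: List[Route], dst: str) -> Optional[Tuple[Optional[str], str]]:
    """Longest-prefix match; returns (next_hop, iface) or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, iface)
    return None if best is None else (best[1], best[2])


def forward(nodes: Dict[str, Dict], src_node: str, dst: str, max_hops: int = 8):
    """Walk one packet hop by hop. Returns (delivered, path, reason)."""
    node, path = src_node, [src_node]
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return True, path, "delivered"
        hit = lookup(nodes[node]["routes"], dst)
        if hit is None:
            return False, path, f"no route to {dst} at {node}"
        via, iface = hit
        nxt = owner(nodes, via if via else dst)   # on-link prefix: hand to the owner of dst
        if nxt is None:
            return False, path, f"{node} routes via {iface} but {via or dst} is not on link"
        node = nxt
        path.append(node)
    return False, path, "hop limit exceeded (routing loop?)"


def ping(nodes: Dict[str, Dict], src: str, dst: str) -> str:
    """A ping only succeeds if the request reaches dst AND the reply gets back to src."""
    src_node, dst_node = owner(nodes, src), owner(nodes, dst)
    ok, path, why = forward(nodes, src_node, dst)
    if not ok:
        return f"request {src}->{dst} fails: {why} (path {'>'.join(path)})"
    ok, path, why = forward(nodes, dst_node, src)
    if not ok:
        return f"reply {dst}->{src} fails: {why} (path {'>'.join(path)})"
    return "ok"


def with_tunnel_routes(nodes: Dict[str, Dict]) -> Dict[str, Dict]:
    """Copy of the lab in which each eBox routes the remote LAN to its tunnel peer."""
    fixed = copy.deepcopy(nodes)
    fixed["B"]["routes"].append(("192.168.5.0/24", "192.168.3.2", "tun0"))
    fixed["C"]["routes"].append(("192.168.2.0/24", "192.168.3.1", "tun0"))
    return fixed


if __name__ == "__main__":
    for label, lab in (("as modelled", NODES), ("with tunnel routes", with_tunnel_routes(NODES))):
        print(label)
        for s, d in (("192.168.2.2", "192.168.5.2"), ("192.168.5.2", "192.168.2.2")):
            print(f"  {s} -> {d}: {ping(lab, s, d)}")
```

In the modelled tables the request from A dies at B and the request from D dies at C, because neither gateway has a route for the far LAN; adding the two tunnel routes makes both directions return "ok". With OpenVPN, those routes normally come from the server's `route` and per-client `iroute` directives and from the routes pushed to (or configured on) the client, which is what to verify on the eBoxes first.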
