Ok, it's still not working but here is my new config...

System A
- Ubuntu 7-10
- IP: 192.168.2.2
- Gateway: 192.168.2.1

System B
- eBox 0.11.99
- Int IP: 192.168.2.1
- Ext IP: 192.168.4.2
- DHCP running - serving: 192.168.2.2 - 192.168.2.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system C
- VPN network address: 192.168.3.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.2.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.2)
- OpenVPN client config
- OpenVPN server address: 192.168.4.3
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system C
- Client certificate set to that generated from system C
- Client private key set to that generated from system C
- Firewall rules
-- in Filtering rules from internal networks to eBox
--- default rules
-- in Filtering rules for internal networks
--- allow any service from 192.168.2.0/24 to any address
--- allow any service from 192.168.3.0/24 to 192.168.2.0/24
--- allow any service from 192.168.5.0/24 to 192.168.2.0/24
-- in Filtering rules for traffic coming out from eBox
--- no rules
-- in Filtering rules from external networks to eBox
--- no rules
-- in Filtering rules from external networks to internal networks
--- no rules

System C
- eBox 0.11.99
- Ext IP: 192.168.4.3
- Int IP: 192.168.5.1
- DHCP running - serving: 192.168.5.2 - 192.168.5.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system B
- VPN network address: 192.168.6.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.5.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.3)
- OpenVPN client config
- OpenVPN server address: 192.168.4.2
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system B
- Client certificate set to that generated from system B
- Client private key set to that generated from system B
- Firewall rules
-- in Filtering rules from internal networks to eBox
--- default rules
-- in Filtering rules for internal networks
--- allow any service from 192.168.5.0/24 to any address
--- allow any service from 192.168.6.0/24 to 192.168.5.0/24
--- allow any service from 192.168.2.0/24 to 192.168.5.0/24
-- in Filtering rules for traffic coming out from eBox
--- no rules
-- in Filtering rules from external networks to eBox
--- no rules
-- in Filtering rules from external networks to internal networks
--- no rules

System D
- Ubuntu 7-10
- IP: 192.168.5.2
- Gateway: 192.168.5.1

In the OpenVPN logs on system B I get
Event: Client connection initiated
Type: server
Remote IP: 192.168.4.3

In the OpenVPN logs on system C I get
Event: Client connection initiated
Type: server
Remote IP: 192.168.4.2

Event: Connection to server initiated
Type: client
Remote IP: 192.168.4.2

Event: Initialization sequence completed
Type: client

System A can ping 192.168.2.1 (eBox B int)
System A can ping 192.168.4.2 (eBox B ext)
System A can ping 192.168.4.3 (eBox C ext)
System A cannot ping 192.168.5.1 (eBox C int) (Packets just dropped - no error message)
System A cannot ping 192.168.5.2 (System D) (Packets just dropped - no error message)

System D can ping 192.168.5.1 (eBox C int)
System D can ping 192.168.4.3 (eBox C ext)
System D can ping 192.168.4.2 (eBox B ext)
System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)

> hi!
>
> I did site to site test and this works fine. The only difference in my
> configuration from yours is that:
> 1) I configured the system B for server OpenVPN and client OpenVPN of
> system C.
> 2) I configured the system C for server OpenVPN and client OpenVPN of
> system B
>
> Eric Baenen wrote:
> > I think I am following all the docs and forum post suggestions but I
> > just can't seem to get site to site OpenVPN connections to work. I have
> > a feeling I'm missing something obvious (or doing something really stupid).
> >
> > Here is my test setup - four machines...
> >
> > System A
> > - Ubuntu 7-10
> > - IP: 192.168.2.2
> > - Gateway: 192.168.2.1
> >
> > System B
> > - eBox 0.11.99
> > - Int IP: 192.168.2.1
> > - Ext IP: 192.168.4.2
> > - DHCP running - serving: 192.168.2.2 - 192.168.2.10
> > - OpenVPN service running and active
> > - CA established
> > - certificates generated for self and system C
> > - VPN network address: 192.168.3.0
> > - VPN network netmask: 255.255.255.0
> > - OpenVPN network advertised: 192.168.2.0/255.255.255.0
> > - Protocol: TCP
> > - Port: 1194
> > - Client authorization by common name: disabled
> > - Allow eBox-to-eBox tunnels: checked
> > - Allow client-to-client connections: not checked
> > - OpenVPN Interface: eth1 (external - 192.168.4.2)
> >
> > System C
> > - eBox 0.11.99
> > - Ext IP: 192.168.4.3
> > - Int IP: 192.168.5.1
> > - DHCP running - serving: 192.168.5.2 - 192.168.5.10
> > - OpenVPN service running and active
> > - OpenVPN client config
> > - OpenVPN server address: 192.168.4.2
> > - OpenVPN server protocol: TCP
> > - OpenVPN port: 1194
> > - CA certificate set to that from system B
> > - Client certificate set to that generated from system B
> > - Client private key set to that generated from system B
> >
> > System D
> > - Ubuntu 7-10
> > - IP: 192.168.5.2
> > - Gateway: 192.168.5.1
> >
> > In the OpenVPN logs on system B I get
> > Event: Client connection initiated
> > Daemon: SystemB
> > Type: server
> > Remote IP: 192.168.4.3
> > Remote Certificate: systemc.testdomain.net
> >
> > System A can ping 192.168.2.1 (eBox B int)
> > System A can ping 192.168.4.2 (eBox B ext)
> > System A can ping 192.168.4.3 (eBox C ext)
> > System A cannot ping 192.168.5.1 (eBox C int) (Destination Host Unreachable)
> > System A cannot ping 192.168.5.2 (System D) (Destination Host Unreachable)
> >
> > System D can ping 192.168.5.1 (eBox C int)
> > System D can ping 192.168.4.3 (eBox C ext)
> > System D can ping 192.168.4.2 (eBox B ext)
> > System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no
> > error message)
> > System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no
> > error message)
> >
> > There are no firewall rules set in any section.
> >
> > Do I need to create a firewall rule on eBox B to allow traffic from
> > 192.168.3.0/24 to 192.168.2.0/24?
> > Do I need to create a firewall rule on eBox B to allow traffic from
> > 192.168.2.0/24 to 192.168.3.0/24?
> > Do I need to create a firewall rule on eBox B to allow traffic from
> > 192.168.2.0/24 to 192.168.5.0/24?
> > Do I need to create a firewall rule on eBox B to allow traffic from
> > 192.168.3.0/24 to 192.168.5.0/24?
> > Do I need to create a firewall rule on eBox C to allow traffic from
> > 192.168.5.0/24 to 192.168.2.0/24?
> > Do I need to create a firewall rule on eBox C to allow traffic from
> > 192.168.5.0/24 to 192.168.3.0/24?
> >
> > Everything seems like it should work - but it doesn't. Any suggestions
> > would be greatly appreciated.
> >
> > If I can get this to work - if there is a way, I would like to volunteer
> > to help improve the documentation - particularly the section on OpenVPN
> > and CA. The documentation doesn't appear to be set up as a wiki so not
> > sure how to submit changes or updates.
> >
> > Thanks,
> >
> > Eric
> >
> >
> > Eric Baenen
> > [EMAIL PROTECTED]
> > www.baenen.com
> > www.washingtoncreek.com
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Ebox-user mailing list
> > [email protected]
> > https://lists.warp.es/mailman/listinfo/ebox-user
>
> --
> Kevin Josue Zambrano Chavez
> Linux Counter #395394 -> http://counter.li.org/
> If the basis of society is helping others, why say no to the
> freedom to modify and share software? (Richard Stallman)
> Imagination is more important than knowledge (Albert Einstein)
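
Added example, not part of the original message and not eBox code: a Python audit of the "Filtering rules for internal networks" entries from the new config above, checking them against the networks that can appear as a source on either tunnel. It assumes those rules are the ones applied to traffic arriving over the tunnels, and that a packet from the peer may carry a peer-LAN address or an address from either VPN subnet; the names `SITES`, `allowed`, `overlapping` and `uncovered` are hypothetical.

```python
"""Audit the allow rules listed in the message against tunnel-facing sources."""
from ipaddress import ip_network

# Values copied from the message. "rules" are the (source, destination) pairs
# under "Filtering rules for internal networks"; None means "any address".
SITES = {
    "B": {"lan": "192.168.2.0/24", "vpn": "192.168.3.0/24",
          "rules": [("192.168.2.0/24", None),
                    ("192.168.3.0/24", "192.168.2.0/24"),
                    ("192.168.5.0/24", "192.168.2.0/24")]},
    "C": {"lan": "192.168.5.0/24", "vpn": "192.168.6.0/24",
          "rules": [("192.168.5.0/24", None),
                    ("192.168.6.0/24", "192.168.5.0/24"),
                    ("192.168.2.0/24", "192.168.5.0/24")]},
}

def allowed(rules, src, dst):
    """True if some rule's source covers src and its destination covers dst."""
    src, dst = ip_network(src), ip_network(dst)
    return any(src.subnet_of(ip_network(s)) and
               (d is None or dst.subnet_of(ip_network(d)))
               for s, d in rules)

def overlapping(sites):
    """Pairs of configured networks that overlap (ambiguous routing)."""
    nets = sorted({ip_network(s[k]) for s in sites.values()
                   for k in ("lan", "vpn")})
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

def uncovered(sites, local, peer):
    """Candidate tunnel sources with no allow rule towards the local LAN.

    Assumption: both boxes run a server and a client, so the peer can show up
    with its LAN address or an address from either VPN subnet.
    """
    here, there = sites[local], sites[peer]
    candidates = [there["lan"], here["vpn"], there["vpn"]]
    return [src for src in candidates
            if not allowed(here["rules"], src, here["lan"])]

if __name__ == "__main__":
    print("overlaps:", overlapping(SITES))
    for local, peer in (("B", "C"), ("C", "B")):
        print(local, "has no rule for:", uncovered(SITES, local, peer))
```

A network reported by `uncovered` is a gap only under the stated assumptions; it does not by itself explain the dropped pings.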
