Hi Javier,

I had a look at the documentation on the website, and it seems a little out of 
date with the current implementation.
It would be helpful if it could be updated.
I am trying to set up a VPN at the moment and I am also confused about which steps 
to take.


regards,


Nicolas

----- Original Message ----
From: Javier Uruen Val <[EMAIL PROTECTED]>
To: eBox users <[email protected]>
Sent: Monday, 10 March, 2008 10:12:52 AM
Subject: Re: [Ebox-user] Re: still having troubles with site to site vpn

Correct me if I'm wrong but I think you are configuring a client and a server 
in both B and C.

If that's the case:

You only need to configure one server in B, and one client in C.

Note that you won't need to generate any certificate or CA in C. You just need 
to use the stuff generated by B.

I reckon you are connecting B and C twice.

On Friday 07 March 2008 16:16:54 Eric Baenen wrote:
> Ok, it's still not working but here is my new config...
>
> System A
> - Ubuntu 7-10
> - IP: 192.168.2.2
> - Gateway: 192.168.2.1
>
> System B
> - eBox 0.11.99
> - Int IP: 192.168.2.1
> - Ext IP: 192.168.4.2
> - DHCP running - serving: 192.168.2.2 - 192.168.2.10
> - OpenVPN service running and active
> - CA established
> - certificates generated for self and system C
> - VPN network address: 192.168.3.0
> - VPN network netmask: 255.255.255.0
> - OpenVPN network advertised: 192.168.2.0/255.255.255.0
> - Protocol: TCP
> - Port: 1194
> - Client authorization by common name: disabled
> - Allow eBox-to-eBox tunnels: checked
> - Allow client-to-client connections: not checked
> - OpenVPN Interface: eth1 (external - 192.168.4.2)
> - OpenVPN client config
> - OpenVPN server address: 192.168.4.3
> - OpenVPN server protocol: TCP
> - OpenVPN port: 1194
> - CA certificate set to that from system C
> - Client certificate set to that generated from system C
> - Client private key set to that generated from system C
> - Firewall rules
> -- in Filtering rules from internal networks to eBox
> --- default rules
> -- in Filtering rules for internal networks
> --- allow any service from 192.168.2.0/24 to any address
> --- allow any service from 192.168.3.0/24 to 192.168.2.0/24
> --- allow any service from 192.168.5.0/24 to 192.168.2.0/24
> -- in Filtering rules for traffic coming out from eBox
> --- no rules
> -- in Filtering rules from external networks to eBox
> --- no rules
> -- in Filtering rules from external networks to internal networks
> --- no rules
>
> System C
> - eBox 0.11.99
> - Ext IP: 192.168.4.3
> - Int IP: 192.168.5.1
> - DHCP running - serving: 192.168.5.2 - 192.168.5.10
> - OpenVPN service running and active
> - CA established
> - certificates generated for self and system B
> - VPN network address: 192.168.6.0
> - VPN network netmask: 255.255.255.0
> - OpenVPN network advertised: 192.168.5.0/255.255.255.0
> - Protocol: TCP
> - Port: 1194
> - Client authorization by common name: disabled
> - Allow eBox-to-eBox tunnels: checked
> - Allow client-to-client connections: not checked
> - OpenVPN Interface: eth1 (external - 192.168.4.3)
> - OpenVPN client config
> - OpenVPN server address: 192.168.4.2
> - OpenVPN server protocol: TCP
> - OpenVPN port: 1194
> - CA certificate set to that from system B
> - Client certificate set to that generated from system B
> - Client private key set to that generated from system B
> - Firewall rules
> -- in Filtering rules from internal networks to eBox
> --- default rules
> -- in Filtering rules for internal networks
> --- allow any service from 192.168.5.0/24 to any address
> --- allow any service from 192.168.6.0/24 to 192.168.5.0/24
> --- allow any service from 192.168.2.0/24 to 192.168.5.0/24
> -- in Filtering rules for traffic coming out from eBox
> --- no rules
> -- in Filtering rules from external networks to eBox
> --- no rules
> -- in Filtering rules from external networks to internal networks
> --- no rules
>
> System D
> - Ubuntu 7-10
> - IP: 192.168.5.2
> - Gateway: 192.168.5.1
>
> In the OpenVPN logs on system B I get
>
> Event: Client connection initiated
> Type: server
> Remote IP: 192.168.4.3
>
> In the OpenVPN logs on system C I get
>
> Event: Client connection initiated
> Type: server
> Remote IP: 192.168.4.2
>
> Event: Connection to server initiated
> Type: client
> Remote IP: 192.168.4.2
>
> Event: Initialization sequence completed
> Type: client
>
> System A can ping 192.168.2.1 (eBox B int)
> System A can ping 192.168.4.2 (eBox B ext)
> System A can ping 192.168.4.3 (eBox C ext)
> System A cannot ping 192.168.5.1 (eBox C int) (Packets just dropped - no error message)
> System A cannot ping 192.168.5.2 (System D) (Packets just dropped - no error message)
>
> System D can ping 192.168.5.1 (eBox C int)
> System D can ping 192.168.4.3 (eBox C ext)
> System D can ping 192.168.4.2 (eBox B ext)
> System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
> System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)
>
> > hi!
> >
> > I did a site to site test and this works fine. The only difference in my configuration from yours is that:
> >
> > 1) I configured the system B for server OpenVPN and client OpenVPN of system C.
> >
> > 2) I configured the system C for server OpenVPN and client OpenVPN of system B
> >
> > Eric Baenen wrote:
> > > I think I am following all the docs and forum post suggestions but I just can't seem to get site to site OpenVPN connections to work.  I have a feeling I'm missing something obvious (or doing something really stupid).
> > >
> > > Here is my test setup - four machines...
> > >
> > > System A
> > > - Ubuntu 7-10
> > > - IP: 192.168.2.2
> > > - Gateway: 192.168.2.1
> > >
> > > System B
> > > - eBox 0.11.99
> > > - Int IP: 192.168.2.1
> > > - Ext IP: 192.168.4.2
> > > - DHCP running - serving: 192.168.2.2 - 192.168.2.10
> > > - OpenVPN service running and active
> > > - CA established
> > > - certificates generated for self and system C
> > > - VPN network address: 192.168.3.0
> > > - VPN network netmask: 255.255.255.0
> > > - OpenVPN network advertised: 192.168.2.0/255.255.255.0
> > > - Protocol: TCP
> > > - Port: 1194
> > > - Client authorization by common name: disabled
> > > - Allow eBox-to-eBox tunnels: checked
> > > - Allow client-to-client connections: not checked
> > > - OpenVPN Interface: eth1 (external - 192.168.4.2)
> > >
> > > System C
> > > - eBox 0.11.99
> > > - Ext IP: 192.168.4.3
> > > - Int IP: 192.168.5.1
> > > - DHCP running - serving: 192.168.5.2 - 192.168.5.10
> > > - OpenVPN service running and active
> > > - OpenVPN client config
> > > - OpenVPN server address: 192.168.4.2
> > > - OpenVPN server protocol: TCP
> > > - OpenVPN port: 1194
> > > - CA certificate set to that from system B
> > > - Client certificate set to that generated from system B
> > > - Client private key set to that generated from system B
> > >
> > > System D
> > > - Ubuntu 7-10
> > > - IP: 192.168.5.2
> > > - Gateway: 192.168.5.1
> > >
> > > In the OpenVPN logs on system B I get
> > > Event: Client connection initiated
> > > Daemon: SystemB
> > > Type: server
> > > Remote IP: 192.168.4.3
> > > Remote Certificate: systemc.testdomain.net
> > >
> > > System A can ping 192.168.2.1 (eBox B int)
> > > System A can ping 192.168.4.2 (eBox B ext)
> > > System A can ping 192.168.4.3 (eBox C ext)
> > > System A cannot ping 192.168.5.1 (eBox C int) (Destination Host Unreachable)
> > > System A cannot ping 192.168.5.2 (System D) (Destination Host Unreachable)
> > >
> > > System D can ping 192.168.5.1 (eBox C int)
> > > System D can ping 192.168.4.3 (eBox C ext)
> > > System D can ping 192.168.4.2 (eBox B ext)
> > > System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
> > > System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)
> > >
> > > There are no firewall rules set in any section.
> > >
> > > Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.2.0/24?
> > > Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.3.0/24?
> > > Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.5.0/24?
> > > Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.5.0/24?
> > > Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.2.0/24?
> > > Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.3.0/24?
> > >
> > > Everything seems like it should work - but it doesn't.  Any suggestions would be greatly appreciated.
> > >
> > > If I can get this to work - if there is a way, I would like to volunteer to help improve the documentation - particularly the section on OpenVPN and CA.  The documentation doesn't appear to be set up as a wiki so not sure how to submit changes or updates.
> > >
> > > Thanks,
> > >
> > > Eric
> > >
> > >
> > > Eric Baenen
> > > [EMAIL PROTECTED]
> > > www.baenen.com
> > > www.washingtoncreek.com
> >
> > ------------------------------------------------------------------------
> >
> > > _______________________________________________
> > > Ebox-user mailing list
> > > [email protected]
> > > https://lists.warp.es/mailman/listinfo/ebox-user
> >
> > --
> > Kevin Josue Zambrano Chavez
> > Linux Counter #395394 -> http://counter.li.org/
> > If the basis of society is helping others, why say no to the
> > freedom to modify and share software? (Richard Stallman)
> > Imagination is more important than knowledge (Albert
> > Einstein)
>

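The double connection Javier describes in this thread (each eBox running a server and also a client of the other), checked as a small topology lint. This is an added example, not part of the original messages or of eBox itself; the `SITES` data is constructed from the values in Eric's second post, and the function and key names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed from Eric's second post: each eBox runs an OpenVPN server and
# also a client pointing at the other eBox's external address.
SITES = {
    "B": {"ext_ip": "192.168.4.2", "lan": "192.168.2.0/24",
          "vpn_net": "192.168.3.0/24", "server": True,
          "client_of": ["192.168.4.3"]},
    "C": {"ext_ip": "192.168.4.3", "lan": "192.168.5.0/24",
          "vpn_net": "192.168.6.0/24", "server": True,
          "client_of": ["192.168.4.2"]},
}

def tunnels(sites):
    """(client, server) pairs for every client that targets a listening server."""
    by_ip = {s["ext_ip"]: name for name, s in sites.items()}
    links = []
    for name, s in sites.items():
        for target in s["client_of"]:
            srv = by_ip.get(target)
            if srv and sites[srv]["server"]:
                links.append((name, srv))
    return links

def duplicate_links(sites):
    """Site pairs joined by more than one tunnel (the 'connected twice' case)."""
    seen, dups = set(), []
    for client, server in tunnels(sites):
        pair = frozenset((client, server))
        if pair in seen:
            dups.append(tuple(sorted(pair)))
        seen.add(pair)
    return dups

def overlapping_networks(sites):
    """LAN or VPN subnets that overlap, which would make routing ambiguous."""
    nets = [(f"{n}.{k}", ipaddress.ip_network(s[k]))
            for n, s in sites.items() for k in ("lan", "vpn_net")]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]

def single_tunnel(sites, server, client):
    """Layout from Javier's reply: one server on `server`, one client on `client`."""
    fixed = {n: dict(s, client_of=[], server=(n == server))
             for n, s in sites.items()}
    fixed[client]["client_of"] = [sites[server]["ext_ip"]]
    return fixed

if __name__ == "__main__":
    print("as posted:", tunnels(SITES), "duplicates:", duplicate_links(SITES))
    fixed = single_tunnel(SITES, "B", "C")
    print("one server, one client:", tunnels(fixed), duplicate_links(fixed))
```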
