Frode Marton Meling wrote:
> Mike Tremaine wrote:
>> Frode Marton Meling wrote:
>>> I have not looked at tcpdump yet.
>>> I do not have Cisco switches, only HP.
>>> The strange part is that the default gateway on green is pingable (so in
>>> my case 192.168.3.1 is pingable but 192.168.3.9 is not, when client has
>>> 192.168.3.60 as IP address)
>>> Looking forward to your research..
>>
>> I have not solved it on site yet and I'm heading out to lunch. BUT when I
>> brought up my test box and attached a laptop to the inside interface I was
>> able to ssh and ping through the vpn tunnel to it no problem. So I do not
>> think Endian's setup has anything to do with this. The production network
>> has lots of cisco switches and I think something is blocking or
>> mis-directing traffic because I can see almost everything except the final
>> reply coming back into the firewall.
>>
>> Just fyi I use this to connect to openvpn
>>
>> sudo /usr/sbin/openvpn --client --pull --comp-lzo --dev tap --ca /home/mgt/.openvpn/kraken.pem --auth-user-pass --remote kraken
>>
>> Where the pem file is what I downloaded from the firewall. Nothing special
>> there and it works fine on my simple test box.
>>
>> -Mike
>>
>> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share your
>> opinions on IT & business topics through brief surveys - and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> Efw-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>
> Strange... I tried with same settings as you, but I only get access to
> Endian's interface on Green interface.
> If I ping another server on Green I get:
> From 192.168.3.60 icmp_seq=1 Destination Host Unreachable
> From 192.168.3.60 icmp_seq=2 Destination Host Unreachable
>
> And it looks like my routing information is updated also. A route
> command says:
> 192.168.3.0 * 255.255.255.0 U 0 0 0 tap0
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> default 192.168.3.1 0.0.0.0 UG 0 0 0 tap0
> And 3.1 is my Endian firewall..
>
> PS! My client is a standard installed Kubuntu edgy 6.10 install.
>
> /MartOn
I would guess that if I was able to route my vpn connections to a separate IP-range I would not have this problem..
How does Endian actually show logged on users to other clients on GREEN interface? Does it impersonate the IP address?
How does a normal green client know that the VPN range should be sent to default gateway, when it is on same subnet?

Just thoughts..

/MartOn
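
An added example, not written by anyone in the thread: it applies longest-prefix matching to the routing table posted above and shows that the VPN client treats every 192.168.3.x host as on-link through tap0, so it resolves those hosts by ARP across the tunnel instead of sending to 192.168.3.1. The function names and the two destinations outside 192.168.3.0/24 are constructed for illustration.

```python
import ipaddress

# Routing table exactly as posted in the thread (`route` on the VPN client).
ROUTE_OUTPUT = """\
192.168.3.0 * 255.255.255.0 U 0 0 0 tap0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.3.1 0.0.0.0 UG 0 0 0 tap0
"""


def parse_routes(text):
    """Parse `route` output into (network, gateway-or-None, interface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers or blank lines
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(f"{dest}/{fields[2]}")
        gw = None if fields[1] == "*" else ipaddress.ip_address(fields[1])
        routes.append((net, gw, fields[7]))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: (address the host ARPs for, interface, on_link)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gw or dst), dev, gw is None)


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 192.168.1.20 and 192.0.2.10 are constructed test destinations.
    for target in ("192.168.3.1", "192.168.3.9", "192.168.1.20", "192.0.2.10"):
        hop, dev, on_link = next_hop(table, target)
        how = "ARP for it directly" if on_link else f"send to gateway {hop}"
        print(f"{target:>13} -> {dev}: {how}")
```

On Linux, a "Destination Host Unreachable" reported from the sender's own address (192.168.3.60 here) is what ping prints when that direct ARP lookup gets no answer.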
