I have tried two alternatives as a client:
1) RoadWarrior configuration:
OpenVPN GUI 1.03 with the following configuration:
client
proto udp
dev tap
remote <ip-address>
resolv-retry infinite
nobind
persist-key
persist-tun
ca c:\\openvpn\\cacert.pem
auth-user-pass
comp-lzo
2) Net2Net
Besides that, I've tried to create a Net2Net setup with another Endian 2.1.2
setup on another server.
I've created a new vpn tunnel in the OpenVPN Net2Net client with the
following settings:
connect to: <ip address>
username: hans
password: <password>
bridged: no
routed: yes
block DHCP: no
And after that I've uploaded the CA from the server.
To finalize: the configuration of the VPN Server (also Endian 2.1.2)
- Runs within an ESX 2.5.2 virtual machine (might be relevant)
- OpenVPN server enabled, IP address pool between 192.168.0.160 and
192.168.0.180
- Configured on 1194 UDP
- I created an account hans with a remote network 192.168.1.0 with netmask
255.255.255.0
The version of the efw-firewall RPM package on the Endian server is 2.1.1
The version of Endian itself is 2.1.2 as mentioned before.
The file rc.firewall reads the following:
function iptables_accessall() {
iptables -F ACCEPT_ALL
iptables -F VPNTRAFFIC
Hope this helps
compdoc wrote:
>
> I was wondering how the external client(s) connect - what software, or
> what the setup is?
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of HansL
> Sent: Saturday, August 18, 2007 2:59 AM
> To: [email protected]
> Subject: Re: [Efw-user] openvpn set up, mobile clients can only reach
> firewall's
> internal green NIC address, no other machines on LAN are reachable
>
>
> I have exactly the same problem with the 2.1.2 version of Endian.
> The line in the rc.firewall has already been changed in this version, but
> still.
>
> I can reach my Endian box (both on the VPN IP address as on the GREEN IP
> address of the Endian box).
> All other IP's in the network cannot be reached.
>
> I have tried this both with a Net2Net configuration and with a RoadWarrior
> configuration. Same results.
>
> Any suggestions what to do?
>
>
> Igor Mikolic-Torreira wrote:
>>
>> I believe this is the OpenVPN routing bug. This has been
>> discussed previously on this list (a search of the archives
>> should find it). A solution also appears at
>>
>> http://alumnus.caltech.edu/~igormt/endian/bugs.html
>>
>> Igor
>>
>>
>> Ron E. wrote:
>>> Dear All,
>>>
>>> Hopefully someone has an idea about this. I manage several Endian
>>> firewall systems with openvpn configured and enabled. The one with this
>>> issue is running version 2.1.1 (the most recent version any of the
>>> various systems are running).
>>>
>>> Recently I configured openvpn on this particular system and while
>>> clients can connect successfully, only the firewall's green NIC is
>>> accessible, no other LAN machines are despite being reachable from
>>> inside the network normally.
>>>
>>> I have reproduced this problem on multiple systems connected to the
>>> Internet in multiple ways, with a public IP on the client side, via a
>>> NAT gateway, etc., etc.
>>>
>>> Looked through the openvpn logs and searched this mailing list but
>>> haven't found any clues.
>>>
>>> Would appreciate any input, thanks.
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Splunk Inc.
>>> Still grepping through log files to find problems? Stop.
>>> Now Search log events and configuration files using AJAX and a browser.
>>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>>> _______________________________________________
>>> Efw-user mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>
>>
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/openvpn-set-up%2C-mobile-clients-can-only-reach-firewall%27s-internal-green-NIC-address%2C-no-other-machines-on-LAN-are-reachable-tf4276926.html#a12211768
> Sent from the efw-user mailing list archive at Nabble.com.
>
>
>
>
--
View this message in context:
http://www.nabble.com/openvpn-set-up%2C-mobile-clients-can-only-reach-firewall%27s-internal-green-NIC-address%2C-no-other-machines-on-LAN-are-reachable-tf4276926.html#a12212240
Sent from the efw-user mailing list archive at Nabble.com.