Dear,

My goal is to connect two private LANs over the internet through a VPN established between two EFWs (Net2Net). I had tried this in a lab environment and at that time it worked. After dismantling the lab, I've tried to set this up in production. Unfortunately it didn't work. :-( I've tried the configuration again in my lab and now it doesn't work anymore there either. :-( What am I doing wrong here?

Current setup (X.X.X.X = Public LAN):

[Local LAN1]
  IP: 192.168.100.10
  SN: 255.255.255.0
  GW: 192.168.100.1

[EFW1] (EFW release 2.1.2)
  IP GREEN: 192.168.100.1
  SN GREEN: 255.255.255.0
  IP RED: X.X.X.219
  SN RED: 255.255.255.128
  GW RED: X.X.X.129

[EFW2] (EFW release 2.1.2)
  IP GREEN: 192.168.101.1
  SN GREEN: 255.255.255.0
  IP RED: X.X.X.250
  SN RED: 255.255.255.128
  GW RED: X.X.X.129

[Local LAN2]
  IP: 192.168.101.10
  SN: 255.255.255.0
  GW: 192.168.101.1

The RED interfaces of the two EFWs are connected to the same switch. In the production environment they are connected to the internet but in the same subnet. Both LANs can connect to the internet.

EFW1 is configured as OpenVPN server with IP pool 192.168.100.15 - 192.168.100.20.
On EFW1 a user is configured for EFW2 with network 192.168.101.0 - 255.255.255.0.
EFW2 is configured as OpenVPN client to "Public.219" in routed mode.

After configuration the connection status says immediately "Established". So far so good, I would think. If I read the manuals, my configuration should be correct. However it doesn't work. I'm not able to ping LAN1 from LAN2 and vice versa. Also other protocols don't work.

From LAN2 to LAN1 I can ping the GREEN IP of EFW2.
From LAN2 to LAN1 I sometimes receive "Destination host unreachable" as reply from the GREEN IP of EFW2, sometimes it just says "Request timed out".
From LAN1 to LAN2 I always receive "Request timed out", no matter which host on LAN2.

On EFW1 I see the following in network status after pinging from one LAN to the other:

Routing table entries:
  X.X.X.128      0.0.0.0         255.255.255.128  U   0  0  0  eth1
  192.168.100.0  0.0.0.0         255.255.255.0    U   0  0  0  br0
  192.168.101.0  192.168.100.15  255.255.255.0    UG  0  0  0  br0
  0.0.0.0        X.X.X.129       0.0.0.0          UG  0  0  0  eth1

ARP table entries:
  192.168.100.15  ether  <MAC Addres>  C  br0
  X.X.X.250       ether  <MAC Addres>  C  eth1
  192.168.100.10  ether  <MAC Addres>  C  br0

On EFW2 I see the following in network status:

Routing table entries:
  X.X.X.128      0.0.0.0    255.255.255.128  U   0  0  0  eth1
  192.168.100.0  0.0.0.0    255.255.255.0    U   0  0  0  tap2
  192.168.101.0  0.0.0.0    255.255.255.0    U   0  0  0  br0
  0.0.0.0        X.X.X.129  0.0.0.0          UG  0  0  0  eth1

ARP table entries:
  192.168.100.10  ether  <incomplete>     tap2
  192.168.101.10  ether  <MAC Addres>  C  br0
  X.X.X.219       ether  <MAC Addres>  C  eth1
  192.168.100.1   ether  <MAC Addres>  C  tap2

I've been looking around on the internet and mailing lists for a while now and found some articles about the same problem. A solution or cause is never really found.

Any help would be very appreciated!

With kind regards,
Opperklet.
