Dear compdoc,

Thanks a lot for your tips! I've tried them all, however, without any success.
I have now even tried building a new lab on virtual machines (MS Virtual Server),
with exactly the same result.
I must be doing something wrong and I can't figure out what it is. :-(
I thought I knew a thing or two about networking, but I'm starting to wonder now...
Anyhow, here are the routing results from the EFW and the routing table from the
client:

Routing Table Entries
Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  X.X.X.128       0.0.0.0         255.255.255.128 U     0      0        0 eth1
  192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br0
  192.168.101.0   192.168.100.15  255.255.255.0   UG    0      0        0 br0
  0.0.0.0         X.X.X.129       0.0.0.0         UG    0      0        0 eth1

ARP Table Entries
  Address                  HWtype  HWaddress           Flags Mask  Iface
  192.168.100.15           ether   00:FF:0D:2F:22:BB   C           br0
  192.168.101.1            ether   00:03:FF:EA:46:67   C           tap2
  X.X.X.250                ether   00:03:FF:EB:46:67   C           eth1
  192.168.100.10           ether   00:03:FF:E3:46:67   C           br0

 
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1  192.168.100.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.100.0    255.255.255.0    192.168.100.1  192.168.100.10       1
   192.168.100.10  255.255.255.255        127.0.0.1       127.0.0.1       1
  192.168.100.255  255.255.255.255   192.168.100.10  192.168.100.10       1
    192.168.101.0  255.255.255.255   192.168.100.15  192.168.100.10       1
  255.255.255.255  255.255.255.255   192.168.100.10  192.168.100.10       1
Default Gateway:     192.168.100.1
===========================================================================

On machine 192.168.100.10 (=Client machine on LAN1):
I can ping 192.168.101.1 (=GREEN IP EFW2)
I can't ping 192.168.101.10 (=Client machine on LAN2)

In the other direction I get similar results...

What am I missing here?
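
A check that can be run on the two tables posted above (an added example, not part of the original message): longest-prefix match over the client and EFW routes, showing which gateway each destination resolves to and flagging /32 routes whose address looks like a network address. The row lists are copied from the message; the function names are assumptions of this example, and the EFW rows with masked X.X.X values are left out.

```python
import ipaddress

# (destination, netmask, gateway) rows copied from "Active Routes" on the client.
CLIENT_ROWS = [
    ("0.0.0.0", "0.0.0.0", "192.168.100.1"),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1"),
    ("192.168.100.0", "255.255.255.0", "192.168.100.1"),
    ("192.168.100.10", "255.255.255.255", "127.0.0.1"),
    ("192.168.100.255", "255.255.255.255", "192.168.100.10"),
    ("192.168.101.0", "255.255.255.255", "192.168.100.15"),
    ("255.255.255.255", "255.255.255.255", "192.168.100.10"),
]
# Unmasked rows from the EFW "Kernel IP routing table" (X.X.X rows omitted).
EFW_ROWS = [
    ("192.168.100.0", "255.255.255.0", "0.0.0.0"),
    ("192.168.101.0", "255.255.255.0", "192.168.100.15"),
]

def parse_routes(rows):
    """Turn (dest, mask, gateway) rows into (network, gateway) pairs."""
    return [(ipaddress.ip_network(f"{d}/{m}"), g) for d, m, g in rows]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def suspicious_host_routes(routes):
    """Return /32 routes whose last octet is 0 (likely meant as a subnet)."""
    return [net for net, _ in routes
            if net.prefixlen == 32 and int(net.network_address) & 0xFF == 0]

CLIENT = parse_routes(CLIENT_ROWS)
EFW = parse_routes(EFW_ROWS)

if __name__ == "__main__":
    for name, table in (("client", CLIENT), ("EFW", EFW)):
        for dst in ("192.168.101.1", "192.168.101.10"):
            hit = lookup(table, dst)
            print(f"{name}: {dst} -> {hit[0]} via {hit[1]}" if hit
                  else f"{name}: {dst} -> no route")
    print("host routes that look like subnets:",
          [str(n) for n in suspicious_host_routes(CLIENT)])
```

On the posted data the client's 192.168.101.0 entry carries a 255.255.255.255 mask, so it covers only that single address and 192.168.101.10 resolves through the default route instead, while the EFW holds the same destination as a /24.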

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of compdoc
Sent: Monday, 10 September 2007 17:52
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

Whenever you make a connection, I think you need to refresh the Local LAN1/2
clients' networking to see the new routes.

You can do this by repairing the connection, which is easy if you check the
option to show the local area connection icon in the system tray. Or use the
/flushdns option of ipconfig. Or, you can reboot the PCs to clear it out.

Also, until you get it working, disable the outgoing firewall and the HTTP
proxy. And possibly the DNS proxy. 

I have a customer set up with 4 EFWs in different cities connected
together.
The only way I could get two-way traffic working was to make an OpenVPN
connection in each direction. This builds the proper routes to push to the
clients. I know, people say you shouldn't have to do this, but I did.

Some other tips: If you have created a user to allow the other server to
connect, then later changed the remote network settings for that user, (by
clicking the 'Configure Networks' button) it won't work. You have to create
the user and add the remote network settings and get it perfect the first
time. If you need to change the settings, delete the user and create it
again.

Make sure you click the option "Block DHCP responses coming from tunnel" in
both the Server and Net2net Client settings.








-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Opper Klet
Sent: Monday, September 10, 2007 2:09 AM
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

On my test setup, the VLAN is as follows:

Network:   X.X.X.128/25
Broadcast: X.X.X.255
HostMin:   X.X.X.129
HostMax:   X.X.X.254
Hosts/Net: 126

This is the same as in production (The X.X.X part differs, that's all).
In the lab the X.X.X part is actually a screened LAN used to simulate the
internet.
In both configurations the client PCs can connect to the internet and port
forwarding from the internet towards the client machines works fine...

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of compdoc
Sent: Sunday, 9 September 2007 23:44
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

So, your two lab machines are client PCs behind the firewalls. I see.

You mention "The RED interfaces of the two EFWs are connected to the same
switch."

On your test setup, is that subnet of the 'same switch' actually X.X.X.219 &
X.X.X.250, GW X.X.X.129, and mask 255.255.255.128? Or are you using some
other subnet?



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft Defy all challenges.
Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user

