Should just work. I'm assuming for the outer LAN, you have a DSL/cable modem that has a built in switch, or a router that's connected to a switch. And that you've set the LAN of that router to use that limited subnet you mentioned.

I'm guessing you can ping both EFW's red interfaces from the clients on LAN1 and LAN2, is that right? Are you sure the clients will respond to pings, and that you don't have some firewall software on them that blocks pings?

If you can't get this working, I would start over and go basic - set the outer LAN's subnet to something simple like 192.168.0.x, or 10.0.0.x, to make sure that's not an issue. Then, just reinstall EFW on the servers to make sure it's not something you've done with the settings.

If both clients can browse the web and ping sites like www.google.com, then I'd have to guess the server hardware and cables, etc are working properly...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Opper Klet
Sent: Tuesday, September 11, 2007 2:45 AM
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

Dear compdoc,

Thx a lot for your tips! I've tried them all however without any success. I even tried now to make a new lab on virtual machines (MS Virtual Server) with exactly the same result. I must do something wrong and I can't figure out what it is. :-( I thought I knew a thing or two about networking but start to wonder now...
Anyhow, hereby the results about Routing on EFW and routing tables from the client:

Routing Table Entries

Kernel IP routing table
Destination     Gateway         Genmask          Flags  Metric  Ref  Use  Iface
X.X.X.128       0.0.0.0         255.255.255.128  U      0       0    0    eth1
192.168.100.0   0.0.0.0         255.255.255.0    U      0       0    0    br0
192.168.101.0   192.168.100.15  255.255.255.0    UG     0       0    0    br0
0.0.0.0         X.X.X.129       0.0.0.0          UG     0       0    0    eth1

ARP Table Entries

Address         HWtype  HWaddress          Flags Mask  Iface
192.168.100.15  ether   00:FF:0D:2F:22:BB  C           br0
192.168.101.1   ether   00:03:FF:EA:46:67  C           tap2
X.X.X.250       ether   00:03:FF:EB:46:67  C           eth1
192.168.100.10  ether   00:03:FF:E3:46:67  C           br0

===========================================================================
Active Routes:
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          192.168.100.1   192.168.100.10  1
127.0.0.0            255.0.0.0        127.0.0.1       127.0.0.1       1
192.168.100.0        255.255.255.0    192.168.100.1   192.168.100.10  1
192.168.100.10       255.255.255.255  127.0.0.1       127.0.0.1       1
192.168.100.255      255.255.255.255  192.168.100.10  192.168.100.10  1
192.168.101.0        255.255.255.255  192.168.100.15  192.168.100.10  1
255.255.255.255      255.255.255.255  192.168.100.10  192.168.100.10  1
Default Gateway:     192.168.100.1
===========================================================================

On machine 192.168.100.10 (=Client machine on LAN1):
I can ping 192.168.101.1 (=GREEN IP EFW2)
I can't ping 192.168.101.10 (=Client machine on LAN2)

In the other direction I get similar results... What am I missing here?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of compdoc
Sent: Monday, 10 September 2007 17:52
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

Whenever you make a connection, I think you need to refresh the Local LAN1/2 clients' networking to see the new routes. You can do this by repairing the connection, which is easy if you check the option to show the local area connection icon in the system tray. Or use the /flushdns option of ipconfig.
Or, you can reboot the PCs to clear it out.

Also, until you get it working, disable the outgoing firewall and the HTTP proxy. And possibly the DNS proxy.

I have a customer set up with 4 efw's in different cities connected together. The only way I could get two way traffic working was to make an openvpn connection in each direction. This builds the proper routes to push to the clients. I know, people say you shouldn't have to do this, but I did.

Some other tips:

If you have created a user to allow the other server to connect, then later changed the remote network settings for that user, (by clicking the 'Configure Networks' button) it won't work. You have to create the user and add the remote network settings and get it perfect the first time. If you need to change the settings, delete the user and create it again.

Make sure you click the option "Block DHCP responses coming from tunnel" in both the Server and Net2net Client settings.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Opper Klet
Sent: Monday, September 10, 2007 2:09 AM
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

On my test setup, the VLAN is as follows:

Network:   X.X.X.128/25
Broadcast: X.X.X.255
HostMin:   X.X.X.129
HostMax:   X.X.X.254
Hosts/Net: 126

This is the same as in production (The X.X.X part differs, that's all). In the labo the X.X.X part is actually a screened LAN used to simulate the internet. In both configurations the client PC's can connect to the internet and port forwarding from the internet towards the client machines works fine...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of compdoc
Sent: Sunday, 9 September 2007 23:44
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

So, your two labo machines are client PCs behind the firewalls. I see. You mention "The RED interfaces of the two EFWs are connected to the same switch."
On your test setup, is that subnet of the 'same switch' actually X.X.X.219 & X.X.X.250, GW X.X.X.129, and mask 255.255.255.128? Or are you using some other subnet?

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
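
Added example, not part of the original thread: a longest-prefix-match lookup over the "Active Routes" table posted for the LAN1 client (192.168.100.10), showing which gateway that client selects for addresses in 192.168.101.0/24. The route rows are copied from the thread; the function names are made up for this illustration.

```python
import ipaddress

# "Active Routes" rows copied from the LAN1 client (192.168.100.10) in the thread.
# Columns: network destination, netmask, gateway, interface, metric.
CLIENT_ROUTES = """\
0.0.0.0          0.0.0.0          192.168.100.1   192.168.100.10  1
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.10  1
192.168.100.10   255.255.255.255  127.0.0.1       127.0.0.1       1
192.168.100.255  255.255.255.255  192.168.100.10  192.168.100.10  1
192.168.101.0    255.255.255.255  192.168.100.15  192.168.100.10  1
255.255.255.255  255.255.255.255  192.168.100.10  192.168.100.10  1
"""


def parse_routes(text):
    """Turn the whitespace-separated rows into route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes


def lookup(routes, dst):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def next_hops_for_subnet(routes, subnet):
    """Count how many hosts of `subnet` are sent to each gateway."""
    counts = {}
    for host in ipaddress.ip_network(subnet).hosts():
        route = lookup(routes, str(host))
        gateway = route["gateway"] if route else "no route"
        counts[gateway] = counts.get(gateway, 0) + 1
    return counts


if __name__ == "__main__":
    table = parse_routes(CLIENT_ROUTES)
    for target in ("192.168.101.0", "192.168.101.1", "192.168.101.10"):
        print(target, "->", lookup(table, target)["gateway"])
    print(next_hops_for_subnet(table, "192.168.101.0/24"))
```

With the table as posted, only the address 192.168.101.0 itself matches the route via 192.168.100.15; every host address in 192.168.101.0/24 resolves to the default gateway 192.168.100.1.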
