Hi All!
I've set up OpenVPN (bridged) through 2 EFW (v2.1.1 upgraded to v2.1.2 by
installing the specific .rpm).
The configuration schema of LANs/VPN is the following:
LAN 1 - EFW SERVER OpenVPN
RED: Public IP
GREEN: 192.168.0.1
Subnet mask: 255.255.255.0
VPN proto/port: UDP/1194
VPN Scope: 192.168.0.230 --> 192.168.0.250
LAN 2 - EFW CLIENT OpenVPN
RED: dynamic IP from provider
GREEN: 192.168.1.1
Subnet mask: 255.255.255.0
The status of the OpenVPN connection on the two EFWs is OK: the web interface at
the OpenVPN Panel says "connected". The client gets its IP from the scope
(192.168.0.230).
BUT I can't ping anything from client to server.
From an SSH session on the EFW client, I CAN'T PING the GREEN card (192.168.0.1) of the EFW
server:
[EMAIL PROTECTED]:~ # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
AND no host on LAN 2 (client LAN) can ping anything on LAN 1 either.
BUT if I make an OpenVPN connection to the EFW on LAN 1 from a client on LAN 2
(with openvpn-gui and the same CA certificate used by EFW 2), from this host
ONLY I CAN PING, copy files from/to servers and hosts, and manage the EFW through the
tunnel....
When I make this OpenVPN connection from a host to the EFW of LAN 1, the
OpenVPN connection between the two EFWs is up, but no other hosts from LAN 2
can ping or connect to hosts in LAN 1.
So I think there is something that's not working properly in my EFW of LAN
2....
I've checked /etc/rc.d/rc.firewall and at line 147 I've found the
correct entry:
145 function iptables_accessall() {
146 iptables -F ACCEPT_ALL
147 iptables -F VPNTRAFFIC
The ROUTING TABLE on the EFW of LAN 2 (client) is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
1.XXX.YYY.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         1.XXX.YYY.1     0.0.0.0         UG    0      0        0 eth1
(XXX and YYY overwrite part of red IP for privacy)
The ARP TABLE on the EFW of LAN 2 (client) is:
Address          HWtype  HWaddress           Flags Mask  Iface
192.168.1.130    ether   00:10:A4:EA:6C:CD   C           br0
192.168.1.141    ether   00:19:99:02:16:1F   C           br0
192.168.1.10     ether   00:C0:9F:1B:35:A4   C           br0
192.168.1.140    ether   00:E0:18:FE:26:8D   C           br0
192.168.1.239    ether   00:C0:9F:30:85:9D   C           br0
192.168.1.99     ether   00:0D:9D:83:A0:BA   C           br0
1.XXX.YYY.1      ether   00:00:0C:07:AC:03   C           eth1
192.168.1.120    ether   00:20:ED:6E:26:91   C           br0
192.168.1.121    ether   08:00:46:B2:C5:FF   C           br0
192.168.1.131    ether   00:10:5A:B3:B1:B5   C           br0
(XXX and YYY overwrite part of red IP for privacy)
The ROUTING TABLE on the EFW of LAN 1 (server) is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XXX.YYY.0.160   0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         XXX.YYY.0.161   0.0.0.0         UG    0      0        0 eth1
(XXX and YYY overwrite part of red IP for privacy)
The ARP TABLE on the EFW of LAN 1 (server) is:
Address          HWtype  HWaddress           Flags Mask  Iface
192.168.0.51     ether   00:E0:18:BF:74:E2   C           br0
192.168.0.10     ether   00:C0:9F:2A:33:C8   C           br0
192.168.0.55     ether   00:30:05:97:AF:C2   C           br0
192.168.0.52     ether   00:30:05:6A:2B:1D   C           br0
192.168.0.61     ether   00:30:05:C3:88:5A   C           br0
192.168.0.204    ether   00:11:2F:F8:A7:4F   C           br0
192.168.0.53     ether   00:30:05:9F:A2:32   C           br0
XXX.YYY.0.161    ether   00:D0:D6:07:3F:85   C           eth1
192.168.0.231    ether   00:FF:7A:1B:6A:70   C           br0
(XXX and YYY overwrite part of red IP for privacy)
The IP 192.168.0.231 is the IP taken by the host connected via openvpn-gui.
In the ARP table I can't see the IP 192.168.0.230 taken by the EFW in LAN 2....
Can anyone help me?
THNX in advance!
Carlo
Sent from the efw-user mailing list archive at Nabble.com.
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user