Hi All!

Problem solved!
Bad configuration on the OpenVPN server: I changed the VPN to routed mode
instead of bridged mode.
My big mistake!

Bye!
Carlo



cpu wrote:
> 
> Hi All!
> 
> I've set up OpenVPN (bridged) through 2 EFW (v2.1.1 upgraded to v2.1.2 by
> installing the specific .rpm).
> The configuration schema of the LANs/VPN is the following:
> 
> LAN 1 - EFW SERVER OpenVPN
> RED: Public IP
> GREEN: 192.168.0.1
> Subnet mask: 255.255.255.0
> VPN proto/port: UDP/1194
> VPN Scope: 192.168.0.230 --> 192.168.0.250
> 
> 
> LAN 2 - EFW CLIENT OpenVPN
> RED: dynamic IP from provider
> GREEN: 192.168.1.1
> Subnet mask: 255.255.255.0
> 
> 
> The status of the OpenVPN connection on the two EFWs is OK: the web interface
> at the OpenVPN panel says "connected". The client gets the IP from the scope
> (192.168.0.230).
> 
> BUT I can't ping anything from client to server.
> From an SSH session on the EFW client, I CAN'T PING the GREEN card (192.168.0.1)
> of the EFW server:
> 
> [EMAIL PROTECTED]:~ # ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
> 
> --- 192.168.0.1 ping statistics ---
> 4 packets transmitted, 0 received, 100% packet loss, time 2999ms
> 
> AND any host on LAN 2 (client LAN) CAN'T ping anything on LAN 1 either.
> 
> BUT if I make an OpenVPN connection to the EFW on LAN 1 from a client on LAN 2
> (with openvpn-gui and the same CA certificate used by EFW 2), from this
> host ONLY I CAN PING, copy files from/to servers and hosts, and manage the EFW
> through the tunnel....
> When I make this OpenVPN connection from a host to the EFW of LAN 1, the
> OpenVPN connection between the two EFWs is up, but no other hosts from LAN
> 2 can ping or connect to hosts in LAN 1.
> 
> So I think there is something that's not working properly in my EFW of LAN
> 2....
> I've checked /etc/rc.d/rc.firewall and at line 147 I've found the
> correct entry:
> 
> 145 function iptables_accessall() {
> 146 iptables -F ACCEPT_ALL
> 147 iptables -F VPNTRAFFIC
> 
> The ROUTING TABLE on the EFW of LAN 2 (client) is:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
> 1.XXX.YYY.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 0.0.0.0         1.XXX.YYY.1     0.0.0.0         UG    0      0        0 eth1
> 
> (XXX and YYY overwrite part of red IP for privacy)
> 
> 
> The ARP TABLE on the EFW of LAN 2 (client) is:
> Address                  HWtype  HWaddress           Flags Mask            Iface
> 192.168.1.130            ether   00:10:A4:EA:6C:CD   C                     br0
> 192.168.1.141            ether   00:19:99:02:16:1F   C                     br0
> 192.168.1.10             ether   00:C0:9F:1B:35:A4   C                     br0
> 192.168.1.140            ether   00:E0:18:FE:26:8D   C                     br0
> 192.168.1.239            ether   00:C0:9F:30:85:9D   C                     br0
> 192.168.1.99             ether   00:0D:9D:83:A0:BA   C                     br0
> 1.XXX.YYY.1              ether   00:00:0C:07:AC:03   C                     eth1
> 192.168.1.120            ether   00:20:ED:6E:26:91   C                     br0
> 192.168.1.121            ether   08:00:46:B2:C5:FF   C                     br0
> 192.168.1.131            ether   00:10:5A:B3:B1:B5   C                     br0
> 
> (XXX and YYY overwrite part of red IP for privacy)
> 
> 
> The ROUTING TABLE on the EFW of LAN 1 (server) is:
> Kernel IP routing table
> Destination     Gateway         Genmask           Flags Metric Ref    Use Iface
> XXX.YYY.0.160   0.0.0.0         255.255.255.248   U     0      0        0 eth1
> 192.168.0.0     0.0.0.0         255.255.255.0     U     0      0        0 br0
> 0.0.0.0         XXX.YYY.0.161   0.0.0.0           UG    0      0        0 eth1
> 
> (XXX and YYY overwrite part of red IP for privacy)
> 
> 
> The ARP TABLE on the EFW of LAN 1 (server) is:
> Address                  HWtype  HWaddress           Flags Mask            Iface
> 192.168.0.51             ether   00:E0:18:BF:74:E2   C                     br0
> 192.168.0.10             ether   00:C0:9F:2A:33:C8   C                     br0
> 192.168.0.55             ether   00:30:05:97:AF:C2   C                     br0
> 192.168.0.52             ether   00:30:05:6A:2B:1D   C                     br0
> 192.168.0.61             ether   00:30:05:C3:88:5A   C                     br0
> 192.168.0.204            ether   00:11:2F:F8:A7:4F   C                     br0
> 192.168.0.53             ether   00:30:05:9F:A2:32   C                     br0
> XXX.YYY.0.161            ether   00:D0:D6:07:3F:85   C                     eth1
> 192.168.0.231            ether   00:FF:7A:1B:6A:70   C                     br0
> 
> (XXX and YYY overwrite part of red IP for privacy)
> 
> The IP 192.168.0.231 is the IP taken by the host connected via openvpn-gui.
> In the ARP table I can't see the IP 192.168.0.230 taken by the EFW in LAN 2....
> 
> Can anyone help me?
> THNX in advance!
> Carlo
> 
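Added example, not Carlo's setup or Endian's own configuration: the pieces a routed (tun) OpenVPN site-to-site link needs so that hosts behind the client gateway (LAN 2, 192.168.1.0/24) can reach the server LAN (LAN 1, 192.168.0.0/24), which is what the switch from bridged to routed mode gives; in bridged (tap) mode the client gateway only appears on the server segment as one host (192.168.0.230) and nothing tells the server about the network behind it. The transit subnet, file paths, hostname and the client certificate CN are assumptions.

```conf
# --- server.conf on the LAN 1 gateway (routed/tun mode) ---
dev tun
proto udp
port 1194
server 10.8.0.0 255.255.255.0        # assumed VPN transit subnet, distinct from both LANs
ca ca.crt
cert server.crt
key server.key
dh dh.pem
remote-cert-tls client               # only accept certificates issued as client certs
keepalive 10 60
persist-key
persist-tun

# Kernel route: LAN 2 is reachable through the tunnel interface.
route 192.168.1.0 255.255.255.0
# Per-client files tell the daemon which connected client owns LAN 2.
client-config-dir ccd
# Every client learns the route to LAN 1 behind the server.
push "route 192.168.0.0 255.255.255.0"

# --- ccd/lan2-gateway (file named after the client certificate's CN, assumed) ---
iroute 192.168.1.0 255.255.255.0

# --- client.conf on the LAN 2 gateway ---
client
dev tun
proto udp
remote vpn.example.net 1194          # placeholder for the LAN 1 RED address
ca ca.crt
cert lan2-gateway.crt
key lan2-gateway.key
remote-cert-tls server               # refuse a peer that presents a client cert
keepalive 10 60
persist-key
persist-tun
```

Both gateways must forward between GREEN and tun0, and hosts on LAN 1 need a return route for 192.168.1.0/24 via the server gateway (or must use it as default gateway); a missing return route shows up as exactly this kind of one-way ping failure.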

-- 
View this message in context: 
http://www.nabble.com/OpneVPN-gateway-to-gateway-bridged-is-up-but-hosts-can%27t-ping-green-card-of-EFW-OpenVPN-Server-or-other-hosts-in-its-LAN-tf4535096.html#a13020393
Sent from the efw-user mailing list archive at Nabble.com.
