When the efw is the dns/dhcp provider, the correct routes are pushed to the clients.
We may not be adding the route correctly. For instance, maybe it's not the correct gateway address - maybe that address should be the tap address. One way to test would be to have a remote workstation use the dns/dhcp service of the efw, and then list its routes. Of course, to do that, you'd have to disable dhcp on the 2003 server temporarily...

I had trouble with routes using 4 firewalls with a mix of efw versions 2.1 and 2.1.2, and what I do to create the correct routes is to connect the client server to the main, but also create a connection from the main to the client. And by also having all workstations use the efw for dns/dhcp, so they'll be fed the correct routing. When it's up properly, everyone can ping everyone, with minimal or no changes to the workstations (no need to edit the hosts files, for example).

I wouldn't think the old ipsec settings would interfere, but I suppose it's possible.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 1:15 PM
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net routed mode not routing

That's the first thing I thought of as well. The firewall is the default route anyway, but adding a specific route didn't help. A "tracert 194.0.0.123" hits the firewall at 10.0.0.1 and stops (all other attempts time out.) This happens using the default route or a specific route.

Thinking something was left over in the firewall from the IPSEC VPN, I deleted (as opposed to just disabled) the IPSEC VPN and rebooted the firewall. Still no joy.

I may try rebuilding the firewall from the ground up. That way anything left over from the IPSEC VPN will certainly be gone. Any other thoughts before I burn another evening?

Lane

> On a workstation on the remote lan, add a route and test.
>
> If you had a windows pc, you would click start>run, and type
> in: cmd and then type something like:
>
> route add 194.0.0.0 mask 255.255.255.0 10.0.0.1
>
> (the last ip being the gateway ip to the main office)
>
> Then try pinging
>
> The route you're adding isn't permanent, and will be forgotten on
> reboot...

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
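The route test discussed in the thread, worked through as an added example that is not part of the original messages: a longest-prefix-match lookup over a constructed workstation routing table, showing which gateway carries traffic to 194.0.0.123 with and without the `route add` entry. The 10.0.0.0/24 LAN prefix and the helper names are assumptions; only the 194.0.0.0/24 route and the 10.0.0.1 gateway come from the thread.

```python
import ipaddress

# Constructed routing table for a workstation on the remote LAN. The /24 LAN
# prefix is an assumption; the thread only gives the gateway 10.0.0.1.
BASE_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.0.1"),        # default route via the firewall
    ("10.0.0.0", "255.255.255.0", "on-link"),  # local LAN (assumed /24)
]
# The entry from the thread: route add 194.0.0.0 mask 255.255.255.0 10.0.0.1
SPECIFIC = ("194.0.0.0", "255.255.255.0", "10.0.0.1")


def next_hop(routes, destination):
    """Return (network, gateway) chosen by longest-prefix match, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for network, mask, gateway in routes:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best


def route_add_changes_path(routes, new_route, destination):
    """True if adding new_route changes the gateway used for destination."""
    before = next_hop(routes, destination)
    after = next_hop(routes + [new_route], destination)
    return (before and before[1]) != (after and after[1])


if __name__ == "__main__":
    target = "194.0.0.123"
    for label, table in (("default only", BASE_ROUTES),
                         ("with specific route", BASE_ROUTES + [SPECIFIC])):
        net, gw = next_hop(table, target)
        print(f"{label}: {target} matches {net} via {gw}")
    print("route add changes first hop:",
          route_add_changes_path(BASE_ROUTES, SPECIFIC, target))
```

With the firewall already the default gateway, the specific route matches a longer prefix but selects the same first hop, so the workstation's path is identical either way and the remaining question is what the firewall does with the packet.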
