Re: [Efw-user] [EFW 2.2 RC1] 2 VPN clients can't connect to each other

Sat, 17 May 2008 18:46:38 -0700 

did you setup the networks behind the client? 

------------------------------------ 
Patricio Bruna V. 
IT Linux Ltda. 
http://www.it-linux.cl 
Fono : (+56-2) 333 0578 - Chile 
Fono: (+54-11) 6632 2760 - Argentina 
Móvil : (+56-09) 8827 0342 

----- "mulysatest mulysatest" escribió: 
I am now using EFW 2.2 RC1 
> I have successfully setup the OpenVPN on EFW and able to let 2 clientsconnect 
> to it. 
> These 2 client can successfully connection to VPN server ( 192.168.0.1 ) with 
> no problem. 
> 
> But problem is 
> 
> 1. The client-A ( 192.168.0.150 ) can't ping client-B ( 192.168.0.151 ) even 
> if they are sharing the 
> 
> same netmask 255.255.255.0 . The only thing I can ping is the EFW ( 
> 192.168.0.1 ) 
> 
> 2. Each VPN client also can't ping/access to Machine-C (see the diagram 
> below) which is sharing 
> 
> the same IP class/netmask. 
> 
> I have tried many options under VPN configuration such as "push network", etc 
> ..but still no luck. 
> Here is some of my configuration under VPN menu 
> 
> [x]Block DHCP responses coming from tunnel: 
> [x] Don't block traffic between clients: 
> 
> --------------------------------------------------------------------------------------------
>  
> br0 Link encap:Ethernet HWaddr 00:50:56:8F:3E:9C 
> inet addr: 192.168.0.1 Bcast: 192.168.0.255 Mask: 255.255.255.0 
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
> RX packets:112134 errors:0 dropped:0 overruns:0 frame:0 
> TX packets:139549 errors:0 dropped:0 overruns:0 carrier:0 
> collisions:0 txqueuelen:0 
> RX bytes:8330887 (7.9 MiB) TX bytes:138100029 (131.7 MiB) 
> 
> eth0 Link encap:Ethernet HWaddr 00:50:56:8F:3E:9C 
> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 
> RX packets:36787 errors:0 dropped:0 overruns:0 frame:0 
> TX packets:37791 errors:0 dropped:0 overruns:0 carrier:0 
> collisions:0 txqueuelen:1000 
> RX bytes:3363750 (3.2 MiB) TX bytes:5147380 (4.9 MiB) 
> Interrupt:17 Base address:0x1400 
> 
> eth1 Link encap:Ethernet HWaddr 00:50:56:8F:34:53 
> inet addr: 61.19.248.251 Bcast: 61.19.248.255 Mask: 255.255.255.128 
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
> RX packets:245450 errors:3 dropped:4 overruns:0 frame:0 
> TX packets:199934 errors:0 dropped:0 overruns:0 carrier:0 
> collisions:0 txqueuelen:1000 
> RX bytes:136063970 (129.7 MiB) TX bytes:150749394 (143.7 MiB) 
> Interrupt:18 Base address:0x1480 
> 
> lo Link encap:Local Loopback 
> inet addr: 127.0.0.1 Mask: 255.0.0.0 
> inet6 addr: ::1/128 Scope:Host 
> UP LOOPBACK RUNNING MTU:16436 Metric:1 
> RX packets:1615 errors:0 dropped:0 overruns:0 frame:0 
> TX packets:1615 errors:0 dropped:0 overruns:0 carrier:0 
> collisions:0 txqueuelen:0 
> RX bytes:142735 (139.3 KiB) TX bytes:142735 (139.3 KiB) 
> 
> tap1 Link encap:Ethernet HWaddr 00:FF:E6:79:D0:2F 
> inet6 addr: fe80::2ff:e6ff:fe79:d02f/64 Scope:Link 
> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 
> RX packets:63153 errors:0 dropped:0 overruns:0 frame:0 
> TX packets:95754 errors:0 dropped:1 overruns:0 carrier:0 
> collisions:0 txqueuelen:100 
> RX bytes:5053836 (4.8 MiB) TX bytes:119624028 (114.0 MiB) 
> --------------------------------------------------------------------------------------------
>  
> 
> 
> ==Routing table entries== 
> Kernel IP routing table 
> Destination Gateway Genmask Flags Metric Ref Use Iface 
> 61.19.248.128 0.0.0.0 255.255.255.128 U 0 0 0 eth1 
> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 
> 0.0.0.0 61.19.248.129 0.0.0.0 UG 0 0 0 eth1 
> 
> ==ARP table entries== 
> Address HWtype HWaddress Flags Mask Iface 
> 61.19.248.129 ether 00:00:0C:07:AC:00 C eth1 
> 192.168.0.150 ether 00:FF:E7:2E:13:C3 C br0 
> 192.168.0.128 ether 00:50:56:8F:16:34 C br0 
> 
> ==Inter-Zone traffice=== 
> 
> # Source Destination Service Policy Remark Actions 
> 1 GREEN GREEN <ANY> ALLOW 
> 2 GREEN BLUE <ANY> ALLOW 
> 3 GREEN ORANGE <ANY> ALLOW 
> 4 BLUE BLUE <ANY> ALLOW 
> 5 ORANGE ORANGE <ANY> ALLOW 
> 6 192.168.0.1/24 192.168.0.1/24 <ANY> ALLOW test 
> --------------------------------------------------------------------------------------------
>  
> 
> 
> Also take a look at the firewall's log, but still don't see anything use 
> full. 
> I really have no idea why those VPN with 192.168.0.x/ 255.255.255.0 can't 
> reach each other. 
> Here is the diagram. 
> 
> client-A ==VPN==> Internet ====> EFW <===Internet <===VPN===client-B 
> || 
> Machine-C ( 192.168.0.128 ) 
> 
> Do I need to add any routing table? Am I doing anything wrong or it is a bug? 
> Any help/suggestion can be provided would be very appriciate. 
> 
> 
> 
> ------------------------------------------------------------------------- 
> This SF.net email is sponsored by: Microsoft Defy all challenges. 
> Microsoft(R) Visual Studio 2008. 
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ 
> _______________________________________________ Efw-user mailing list 
> [email protected] 
> https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user

Reply via email to