After a couple of weekends diagnosing the issues with 2.3, I've found that
it's still presenting some bugs from 2.1 (!!). Namely, OpenVPN does not push
DNS servers to the client. I've added the following lines to my
/etc/openvpn/openvpn.conf.tmpl in order to make it work:

#if $PUSH_GLOBAL_DNS == 'on'
push "dhcp-option DNS ${GLOBAL_DNS}"
#end if

It will ONLY work if you have just ONE DNS server under Push these
nameservers. This fix will survive restarts.

Another problem I've found (this is 2.3 exclusively):

The DHCP server is creating non-working configs that prevent dhcpd from
working when you use double quotes (" ") under Custom configuration lines,
such as:

filename "\pxelinux.0";

The Python script on the backend is escaping the quotes on the line above,
thus making the config file invalid. I had to manually edit the config file
from dhcpd to make it work. If someone logs into the GUI and restarts the
DHCP through the web interface, the problem reappears.

Hope this helps other people as well.

Regards,
--
Rafael Fonseca
www.nunca.com.br


2009/12/8 Rafael Fonseca <rafael.m...@gmail.com>

> I've noticed that whenever rules with IPS are enabled, traffic does not get
> through. Snort might be set too strictly in my scenario.
>
> Disabled IPS, but the VPN server still does not let traffic through. Since
> this is for a client, I'll have to go back to their offices to have a look
> again. Will keep you posted.
>
> I also need to report to Endian some issues I've found while migrating
> their firewall from 2.2 to 2.3 last weekend.
>
> Thanks for the replies,
>
> Rafael
>
> 2009/12/8 Vikash Khatuwala <vik...@netvigator.com>
>
>> Do you have IPS (snort) running? I found that snort will filter VPN
>> traffic regardless of VPN firewall rules.
>>
>>
>> At 07:03 PM 07-12-09, you wrote:
>> >Have you checked the VPN firewall config?
>> >Cheers,
>> >Pedro
>> >On Monday 07 December 2009 07:58:17 Rafael Fonseca wrote:
>> > > I'm getting the same thing. Any news?
>> > > --
>> > > Rafael Fonseca
>> > > www.nunca.com.br
>> > >
>> > >
>> > > 2009/11/7 Elmar Natter <e...@allgaeu.org>
>> > >
>> > > > I've just encountered a new problem while switching from 2.2 to
>> > > > 2.3. The same config which worked perfectly under 2.2 causes a
>> > > > problem under 2.3. Now only the router is pingable, and the web
>> > > > front end is available. But no IP from the network (same subnet
>> > > > on green interface) is available. So what to do differently in efw
>> > > > 2.3 to get openvpn access running?
>> > > >
>> > > > Regards
>> > > >
>> > > > Elmar
>> > > >
>> > > >
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > _______________________________________________
>> > > > Efw-user mailing list
>> > > > Efw-user@lists.sourceforge.net
>> > > > https://lists.sourceforge.net/lists/listinfo/efw-user
>> > > >
>> > >
>> >
>> >--
>>
>> >----------------------------------------------------------------------------------------------------------
>> >Pedro M. S. Oliveira
>> >IT Consultant
>> >Email: pmsolive...@gmail.com
>> >URL:   http://www.linux-geex.com
>> >Cellular: +351 96 5867227
>>
>> >----------------------------------------------------------------------------------------------------------
>> >
>>
>>
>>
>>
>>
>
>
>
> --
> --
> Rafael Fonseca
> www.nunca.com.br
>

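An added example, not part of the original message and not Endian's code: one way a config-generating backend could emit one push line per DNS server, which the single ${GLOBAL_DNS} substitution in the template fix above cannot do, while refusing any value that is not a literal IPv4 address. The function name, the comma/whitespace-separated input format and the sample addresses are assumptions.

```python
import ipaddress
import re


def render_dns_push(push_global_dns, global_dns):
    """Return OpenVPN 'push' lines, one per DNS server.

    push_global_dns: 'on' enables pushing (mirrors $PUSH_GLOBAL_DNS).
    global_dns: assumed to hold one or more servers separated by
                commas and/or whitespace (the real format may differ).
    """
    if push_global_dns != "on":
        return []

    lines = []
    for token in re.split(r"[,\s]+", global_dns.strip()):
        if not token:
            continue
        # Only a literal IPv4 address may reach the config file. Anything
        # else (hostnames, stray quotes, extra directives) raises ValueError
        # instead of being written into openvpn.conf.
        addr = ipaddress.IPv4Address(token)
        lines.append('push "dhcp-option DNS %s"' % addr)
    return lines


if __name__ == "__main__":
    # Constructed sample value using documentation address ranges.
    for line in render_dns_push("on", "192.0.2.53, 198.51.100.53"):
        print(line)
```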