Topic: openvpn gw 2 gw server tun client tap (Read 15303 times)
amucha
Jr. Member
Offline
Posts: 1
openvpn gw 2 gw server tun client tap
« on: Thursday 17 December 2009, 07:32:00 pm »
Hello all,
I am trying to connect two networks. One is our network, protected by an Endian firewall; the second is a network with an OpenVPN server.
It should work in such a way that the office computers in network one can access the machines in network two
(the opposite direction is not so important).
So the first step was to manually build up a VPN tunnel. The admin of network two uses this OpenVPN server config:
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local ***.***
dev tun
tun-mtu 1400
proto tcp
port 443
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 192.168.254.0 255.255.255.0
push "route 192.168.8.0 255.255.254.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
push "dhcp-option DOMAIN ***.***.**"
push "dhcp-option DNS 192.168.9.4"
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
The client configuration is this:
tls-client
client
dev tun
proto tcp
tun-mtu 1400
remote ***.***.** ***
pkcs12 account.p12
cipher BF-CBC
verb 3
ns-cert-type server
OK. If I use this client configuration from my office computer (Windows XP), everything is fine.
I can ping the hosts in the second network; even names are resolved correctly.
Remote desktop etc. pp., no problem.
OK. I stopped this connection. The next step was to establish a connection via the Endian firewall.
So I configured an OpenVPN client (gw2gw).
Set up in the extended config section:
connection type: routed
block DHCP answers from tunnel: yes
protocol: tcp
Then I started the network. The connection could be established; the admin in the second
network confirmed this (he could see the connection too).
But no ping or any further access was possible.
I tried some other configurations, but the behaviour was the same every time.
Then I checked the configuration the Endian firewall generated for my client.
Here it is:
client
pull
comp-lzo
nobind
resolv-retry infinite
dev tap2
pkcs12 <cert>
ns-cert-type server
proto tcp
remote <host:port>
writepid /var/run/openvpn/client_.pid
up-delay
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/"
down-pre
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.client.d/"
The first thing is that the client uses the tap device (for the routed and also the bridged connection type).
Is there a chance to tell the Endian firewall that it should use the tun device?
Is it necessary to add additional routes / rules, or is this done by the Endian firewall scripts?
Many thanks in advance,
Andreas.
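As an added illustration of the mismatch visible in the two configs quoted in this post (this is not Endian's code nor the poster's): a small Python checker that parses both sides and flags the tun/tap, proto, tun-mtu, cipher and comp-lzo differences that let an OpenVPN tunnel come up yet carry no traffic. The two embedded configs are constructed from the ones quoted above with hosts and certificates omitted, and the checker assumes every config contains a dev line.

```python
import shlex
# Constructed from the two configs quoted in the post (hosts/certs omitted).
SERVER_CONF = """\
dev tun
tun-mtu 1400
proto tcp
server 192.168.254.0 255.255.255.0
push "route 192.168.8.0 255.255.254.0"
cipher BF-CBC
"""

# The gw2gw client config the firewall generated (note dev tap2 and comp-lzo).
CLIENT_CONF = """\
client
pull
comp-lzo
dev tap2
proto tcp
"""

def parse(text):
    """Map each option to its list of argument lists; skip ;/# comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        parts = shlex.split(line)          # handles push "route ..."
        opts.setdefault(parts[0], []).append(parts[1:])
    return opts

def dev_type(opts):
    """'tun' or 'tap' from 'dev tunN' / 'dev tapN' (assumes a dev line exists)."""
    dev = opts["dev"][0][0]
    return dev[:3] if dev[:3] in ("tun", "tap") else "unknown"

def check_compat(server_conf, client_conf):
    """List mismatches that leave the tunnel up but carrying no traffic."""
    s, c = parse(server_conf), parse(client_conf)
    problems = []
    if dev_type(s) != dev_type(c):
        problems.append(f"dev mismatch: server {dev_type(s)}, client {dev_type(c)}")
    for opt in ("proto", "tun-mtu", "cipher"):   # compare only if both sides set it
        sv, cv = s.get(opt, [[None]])[0][0], c.get(opt, [[None]])[0][0]
        if sv and cv and sv != cv:
            problems.append(f"{opt} mismatch: server {sv}, client {cv}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo enabled on only one side")
    return problems
```

Running check_compat(SERVER_CONF, CLIENT_CONF) reports the tun/tap mismatch and the one-sided comp-lzo, both of which must agree on the two ends before any route pushing can help.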
Saltee
Jr. Member
Offline
Posts: 8
Re: openvpn gw 2 gw server tun client tap
« Reply #1 on: Thursday 07 January 2010, 05:53:40 am »
Sounds like a routing problem - ensure you're pushing your routes correctly.