Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 06:31:16 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  OpenVPN Routed Mostly Working
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: OpenVPN Routed Mostly Working  (Read 8870 times)
Syntax42
Full Member
***
Offline Offline

Posts: 19


« on: Tuesday 07 May 2013, 11:34:39 pm »

I finally managed to assign VPN users a subnet separate from my primary network and make the firewall perform the correct routing.  The only issue I'm having is that I can't access the web interface or SSH into the firewall from the VPN connection even though I can ping the firewall's internal IP address.  This isn't necessarily a bad thing, as it improves security if the VPN tunnel is compromised, but it prevents me from performing administration remotely.

Here's how I did it:
In OpenVPN configuration, the bridged mode should not be checked.  The subnet of the VPN users should be different from the subnet of the internal network.  Remote users should also be on a different local subnet.  The easiest way to avoid subnet conflicts is to not use common subnets on your side which end in 0 or 1 like 192.168.1.0/24.

In the advanced tab of OpenVPN, I added the internal network to be pushed to clients.

In network routing, I added two static routes.  The first was from my VPN subnet to my internal subnet with a gateway of 0.0.0.0.  The second was reversed with the same gateway.



If anyone notices any major issues with doing the above, please let me know.  Also, if you know how to make the firewall's web interface accessible, I would appreciate it.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.188 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com