Title: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: dukeluke on Sunday 17 January 2010, 10:24:02 pm

hi all!
i've tried to make a port forwarding for an OpenVPN Server in GREEN. i did it as described in http://efwsupport.com/index.php?topic=1065.0.

i added a firewall destination nat:
access from: ANY
target: ANY Uplink
filter policy: ALLOW
Service Port: User defined
Protocol: UDP
Port: 1194
Translate to IP: 192.168.1.1 port 1194

i also added a system access rule:
source address: blank
source interface: RED
service port: user defined
protocol: UDP
destination port: 1194
policy: ALLOW

but i don't get a connection from wan to the openvpn server in green. What am I doing wrong?

kr, Luki

Title: Re: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: hacevedo on Monday 18 January 2010, 03:09:26 am

You don't need a system access rule for this. A system access rule will make the RED interface listen for the connection, which is what happens when you enable the OpenVPN service on the firewall itself anyway.
A couple of questions:
1. Are you trying to use an OpenVPN server other than the firewall itself?
2. If so, what is the IP address of the OpenVPN server on the GREEN zone?

Just to make sure, if your GREEN interface IP address is the 192.168.1.1 you posted, then your rule should point to the IP of the "real" OpenVPN server provided the answer to question #1 is "yes". ;)

Title: Re: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: dukeluke on Monday 18 January 2010, 03:23:48 am

ok, i think i got it ...
the openvpn server didn't have the right gateway. thx!

Title: Re: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: dukeluke on Monday 18 January 2010, 03:55:13 am

ok, now i get connections into the openvpn server.
the server runs on an extra device, and not on the firewall. but now i can't ping the devices on the other side of the vpn, except from the vpn server. what do i have to do? add the networks 192.168.2.0 and 192.168.3.0 to the routing table? or do i have to make a firewall rule?

kr, Luki

Title: Re: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: dukeluke on Monday 18 January 2010, 04:01:21 am

my situation is the following:
i have an openvpn server on 192.168.1.1
client networks are 192.168.2.0 and 192.168.3.0

when i ping the gateways of the other openvpn side (192.168.2.0, 192.168.3.0) from my openvpn server (192.168.1.1) i get an answer. but as soon as i ping it from another machine e.g. 192.168.1.253 (endian firewall) i can't reach them.

Title: Re: Port Forwarding to OpenVPN Server in LAN (GREEN)
Post by: hacevedo on Monday 18 January 2010, 06:12:36 am

That's right Dukeluke. You need to place two static routes on the endian firewall for those networks. The routes should point to the 192.168.1.1 address to be able to reach them. You should be able to ping them after that.
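
The effect of the two static routes from the last reply, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed routing table for the Endian firewall (192.168.1.253). The /24 masks, the 203.0.113.1 uplink gateway and the function names are assumptions. Without the routes, packets for the VPN client networks match only the default route and leave via the RED uplink instead of going to the OpenVPN server.

```python
import ipaddress


def route(prefix, via):
    """Build one routing-table entry as (network, next hop description)."""
    return (ipaddress.ip_network(prefix), via)


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in table if addr in net]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda r: r[0].prefixlen)[1]


# Constructed table for the firewall before the fix.
# Assumptions: /24 masks; 203.0.113.1 is a placeholder uplink gateway.
BEFORE = [
    route("192.168.1.0/24", "direct (GREEN)"),
    route("0.0.0.0/0", "203.0.113.1 (RED uplink)"),
]

# The two static routes from the reply, pointing at the OpenVPN server.
AFTER = BEFORE + [
    route("192.168.2.0/24", "192.168.1.1"),
    route("192.168.3.0/24", "192.168.1.1"),
]


def compare(dst):
    """Return the next hop for dst before and after adding the static routes."""
    return next_hop(BEFORE, dst), next_hop(AFTER, dst)


if __name__ == "__main__":
    # Sample destinations (constructed): one host per VPN network, one in GREEN.
    for dst in ("192.168.2.1", "192.168.3.1", "192.168.1.50"):
        before, after = compare(dst)
        print(f"{dst:14} before: {before:26} after: {after}")
```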