Author Topic: Port Forwarding to OpenVPN Server in LAN (GREEN)  (Read 15369 times)
dukeluke
« on: Sunday 17 January 2010, 10:24:02 pm »

hi all!

i've tried to set up port forwarding for an OpenVPN server in GREEN.
i did it as described in http://efwsupport.com/index.php?topic=1065.0.

i added a firewall destination nat:
access from: ANY
target: ANY Uplink
filter policy: ALLOW
Service Port: User defined
Protocol: UDP
Port: 1194
Translate to IP: 192.168.1.1
port 1194

i also added a system access rule:
source address: blank
source interface: RED
service port: user defined
protocol: UDP
destination port: 1194
policy: ALLOW

but i don't get a connection from wan to the openvpn server in green.

What am I doing wrong?

kr, Luki

hacevedo
« Reply #1 on: Monday 18 January 2010, 03:09:26 am »

You don't need a system access rule for this. A system access rule will make the RED interface listen for the connection which is what happens when you enable the OpenVPN service on the firewall itself anyway.

A couple of questions:

1. Are you trying to use an OpenVPN server other than the firewall itself?
2. If so, what is the IP address of the OpenVPN server on the GREEN zone?

Just to make sure, if your GREEN interface IP address is the 192.168.1.1 you posted, then your rule should point to the IP of the "real" OpenVPN server provided the answer to question #1 is "yes".

dukeluke
« Reply #2 on: Monday 18 January 2010, 03:23:48 am »

ok, i think i got it ...
the openvpn server didn't have the right gateway.

thx!

dukeluke
« Reply #3 on: Monday 18 January 2010, 03:55:13 am »

ok, now i get connections into the openvpn server.
the server runs on an extra device, and not on the firewall.

but now i can't ping the devices on the other side of the vpn, except from the vpn server. what do i have to do? add the networks 192.168.2.0 and 192.168.3.0 to the routing table? or do i have to make a firewall rule?

kr,
Luki

dukeluke
« Reply #4 on: Monday 18 January 2010, 04:01:21 am »

my situation is the following:

i have an openvpn server on 192.168.1.1
client networks are 192.168.2.0 and 192.168.3.0
when i ping the gateways of the other openvpn side (192.168.2.0, 192.168.3.0) from my openvpn server (192.168.1.1) i get an answer. but as soon as i ping it from another machine e.g. 192.168.1.253 (endian firewall) i can't reach them.
Logged
hacevedo
Jr. Member
*
Offline Offline

Posts: 8


« Reply #5 on: Monday 18 January 2010, 06:12:36 am »

That's right Dukeluke. You need to place two static routes on the endian firewall for those networks. The routes should point to the 192.168.1.1 address to be able to reach them. You should be able to ping them after that.
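
The routing decisions behind Reply #2 (server gateway) and Reply #5 (static routes), as an added example that is not part of the original thread: a longest-prefix-match lookup over the firewall's and the OpenVPN server's routing tables. The /24 masks, the uplink gateway 203.0.113.1, the remote client 198.51.100.7, the host addresses 192.168.2.1, 192.168.3.1 and 192.168.1.50, and the interface name tun0 are assumptions.

```python
import ipaddress

DIRECT = "on-link"              # destination is on the local segment
FIREWALL = "192.168.1.253"      # Endian GREEN address (from the thread)
VPN_SERVER = "192.168.1.1"      # OpenVPN server in GREEN (from the thread)
UPLINK_GW = "203.0.113.1"       # constructed: ISP gateway behind RED
REMOTE_CLIENT = "198.51.100.7"  # constructed: VPN client on the internet


def table(*entries):
    """Build a routing table from (prefix, next hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]


def next_hop(routes, dst):
    """Longest-prefix match; None means 'no route to host'."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


# Firewall before and after adding the two static routes (/24 masks assumed).
FW_BEFORE = table(("192.168.1.0/24", DIRECT), ("0.0.0.0/0", UPLINK_GW))
FW_AFTER = FW_BEFORE + table(("192.168.2.0/24", VPN_SERVER),
                             ("192.168.3.0/24", VPN_SERVER))


def vpn_server_routes(default_gw=None):
    """OpenVPN server: client networks via the tunnel, optional default gateway."""
    routes = table(("192.168.1.0/24", DIRECT),
                   ("192.168.2.0/24", "tun0"), ("192.168.3.0/24", "tun0"))
    return routes + (table(("0.0.0.0/0", default_gw)) if default_gw else [])


def check():
    """Return the next hop chosen at each decision point discussed in the thread."""
    return {
        # Reply to a port-forwarded packet: DNAT keeps the client's public source IP.
        "server_reply_no_gw": next_hop(vpn_server_routes(), REMOTE_CLIENT),
        "server_reply_via_fw": next_hop(vpn_server_routes(FIREWALL), REMOTE_CLIENT),
        # Traffic from the firewall (or hosts using it as gateway) to a client network.
        "fw_to_2.1_before": next_hop(FW_BEFORE, "192.168.2.1"),
        "fw_to_2.1_after": next_hop(FW_AFTER, "192.168.2.1"),
        "fw_to_3.1_after": next_hop(FW_AFTER, "192.168.3.1"),
        "fw_to_green_after": next_hop(FW_AFTER, "192.168.1.50"),
    }


if __name__ == "__main__":
    for name, hop in check().items():
        print(f"{name:22} -> {hop}")
```

Before the static routes, the firewall sends traffic for 192.168.2.x out the RED uplink, so pings from anything other than the VPN server never reach the tunnel.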