Author Topic: net to net vpn help  (Read 22021 times)
frquency
« on: Friday 03 October 2008, 02:33:39 am »

Hello, I am having a little bit of trouble setting up a net to net VPN. Here is my setup, as follows:


net 1|  192.168.1.0, 255.255.255.0- vpn server: ----VPN---- Net2| 192.168.0.0,255.255.224.0


I can ping from ssh in both gateways, but apart from that, that's all. And in each firewall the VPN says connected.
I am trying to connect via routed mode. I would like to see my servers on net1 from my satellite office in net2.

kind regards

steve
ellaguno
« Reply #1 on: Thursday 23 October 2008, 06:52:58 am »

I also have the same issue trying to link Gw 2 Gw two green networks.

The VPN is created, and at the beginning I was able to ping the other side (Endian Box) and the PCs connected there but now I can only ping the PCs, and nothing else. No SSH, HTTP or anything else. My network is

net 1|  172.16.21.0, 255.255.255.0- vpn server: ----VPN---- Net2| 192.168.0.0,255.255.224.0

Endian 1. 1st network is 172.16.21.15
Endian 2. 2nd network is 192.168.0.15  (VPN address 172.16.21.11)

It seems that several posts address the same problem with no answers yet, hope we have more luck.
Mussolini
« Reply #2 on: Monday 12 January 2009, 10:31:49 pm »

Hi guys...

Tell me something... Are you able to ping from a station in net1 to another station in net2? Because in my case, I can ping from the EFW in net1 to any station in net2, but not from a station inside net1.
It seems that it is a routing problem, but I couldn't resolve this problem.
smk986
« Reply #3 on: Sunday 07 June 2009, 01:23:17 am »

Hello

Once the VPN is established I can connect with http to any station in net2 from a station inside net1, but only with http; all other protocols do not connect: https, ping, RDP, ssh, etc...

I can ping from the EFW in net1 to any other host in net2, though.


Endian Community release 2.2.rc3
smk986
« Reply #4 on: Sunday 07 June 2009, 02:28:28 am »


Hello

Further testing results: if the client enables NAT under "OpenVPN client (Gw2Gw)", Advanced tunnel configuration --> tick box,

I can now connect to all green hosts with any protocol in net2, but with NAT this blocks all traffic in reverse, so not a full gw2gw VPN.

Also, I connected with OpenVPN on a non-EFW PC to net1 and could access all hosts, whereas the EFW gw2gw client could not connect with anything but http over the VPN link until NAT was ticked; then all works, albeit one way.

Problem seems to be with the client gw2gw EFW VPN/iptables rules.

So the problem seems to be with native routed mode with NAT disabled. There is one of three scripts that EFW runs on OpenVPN client connection:

00bridge (/etc/openvpn/ifup.client.d/00bridge), Bridge mode: not tested.

setportfw-run (/usr/local/bin/setportfw.py), Native routed mode: VPN connects but green to green has no connectivity either way. Pings from EFW at either end to hosts on green are o.k., and http traffic is o.k., but all other protocols are blocked.

setsnat-run (/usr/local/bin/setsnat.py), NAT mode: VPN works o.k. via NAT but of course only one way. Pings from green LAN hosts to server green LAN hosts are o.k.


Thank you
Endian Community release 2.2.rc3
