Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 19 December 2024, 02:52:16 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  OpenVPN Gateway-to-Gateway routing problem
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: OpenVPN Gateway-to-Gateway routing problem  (Read 47066 times)
Mussolini
Jr. Member
*
Offline Offline

Posts: 3


« on: Friday 09 January 2009, 05:56:24 am »

Hi all,

I've configured two EFW in two offices, being one as OpenVPN server (Office1) e the other one as OpenVPN client (Office2). The connection has been established and I can ping any machine inside the Office1 from the EFW console in Office2. But the problem is that the stations inside the office2 can't reach the stations inside the office1, I don't know why. From the EFW ok, I can reach any machine inside the office1, but from a station inside the office2 (behind EFW), I can't.
Is it a problem of routing ?  Firewall ?

I appreciate any help....
Logged
saleemgeorge
Jr. Member
*
Offline Offline

Posts: 1


« Reply #1 on: Wednesday 18 February 2009, 05:44:31 am »

Hello ..

I was also facing the same problem i can able to connect. 
i connected the vpn from site 1 to site 2 and it was established and when i log in to endian through ssh i can able to ping the other end (site2 )endian and all the system internal. but i can able to ping form the client in site1 but i cant able to ping to site 1 endian or any other system also.

For that make a connection form site2 to site1.  This will solve all your problem.

Now i can able to browse both site programs and it is stable

 
Logged
titosca
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Thursday 19 March 2009, 10:37:15 pm »

Hello guys,

I already have the same problem and what i do to solve it follow bellow:

In the Endian that acts like VPN SERVER you have to put  in the advanced -> Global Push Options the following informations:

"Push these networks"

Put here the network of VPN SERVER. When a client connects in the server he will build the route table between the client and your network, in this way your client can see the machines behind the vpn server.

Don`t forget to push the nameservers too, it`s important if you are in AD topology.

Another thing is in the account properties. In the field Network Behind the Client you input the network behind that client, in this way your network that have the VPN SERVER will can see the network behind the client.

Sorry if my english is not that good. But i think you can understand.

My best regards,

Guilherme
Logged
eXtr3me
Jr. Member
*
Offline Offline

Posts: 3


« Reply #3 on: Sunday 05 September 2010, 02:30:12 am »

I had almost the same issue,
resolved it by using EFW1 as Client and Server
and EFW2 as Client and server
(2 Tunnels)
It Works,
clients can ping each others
Logged
e-telligent
Full Member
***
Offline Offline

Posts: 13


WWW
« Reply #4 on: Sunday 19 September 2010, 09:52:50 pm »

Hi,

I successfully configure endian community 2.4 VPN Gw2Gw  with this configuration:


network1 -----> endian VPN server ----->  INTERNET -------> endian Gw2Gw Client -------> network2


PLEASE PASTE HERE YOUR :
-----> route -n  output if your vpn connection have problem.
-----> cat /etc/sudoers | grep 'openvpn'
Logged

Leonil Sune

e-Telligent Solutions, Inc.
Unit 3-BI, 8101 Pearl Plaza Bldg.,
Pearl Drive, Ortigas Center, Pasig City
www.e-telligent.net
P: (02) 633-5678
F: (02) 638-7263
smk986
Jr. Member
*
Offline Offline

Posts: 7


« Reply #5 on: Saturday 20 November 2010, 10:42:04 pm »


Hello,

eXtr3me is correct, though Endian does not recommend to setup like this with two tunnels....... but it does work very well! This does have one advantage that remote site is now running VPN server and can be connected to directly to diagnose other problem or for faster network connection as not going via primary VPN server link to access remote site if you are not local to primary network.

I have successfully setup a number of EFW Gw-2-Gw VPN systems using two tunnels to create a bidirectional VPN and all traffic passes perfectly from all connected LAN clients at each site to all LAN clients at remote site. (This even works for more than two remote networks in star pattern)

Endian does recommend that only one Gw-2-Gw be configured, but many users find traffic only pass in one direction. Solution is to ensure that the 'Account' being used on VPN server end has the network address for the remote network site in CDIR format i.e. '192.168.x.0/24' added into 'Networks behind client' option. This configures *local* routing entries on server side making the traffic to that subnet go to the VPN address of that client.
Note this only applies when using routed mode, and also using different subnet on each network site.

Thank you Simon.
SiTek NZ
Logged
TheEricHarris
Full Member
***
Offline Offline

Posts: 86


« Reply #6 on: Thursday 06 January 2011, 04:17:46 am »

My issue was the VPN firewall being enabled.  Try disabling it (Firewall Tab - > VPN Traffic)

After disabling it, I was able to ping to my remote clients.

I only have one VPN connection going.  I also do as others suggested, putting x.x.x.0/24 for network behind client.  I also check NAT on the client options.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com