Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 03:57:46 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  VPN not working on EFW community 2.5.1
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] 2 Go Down Print
Author Topic: VPN not working on EFW community 2.5.1  (Read 110823 times)
nir1978
Jr. Member
*
Offline Offline

Posts: 7


« on: Tuesday 24 April 2012, 04:34:47 pm »

Im  trying to create a site to site as well as roaming VPN on endian 2.5.1 using openVPN as well as IPSec, but none are working.

I tried lots of configurations and resets.

I want to know if IPSec is working on community version.
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #1 on: Thursday 26 April 2012, 09:05:28 am »

I set up an IPSec VPN in efw2.5.1 and it works perfectly. I use a pre-shared key; not a digital certificate.
Logged
alex71
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Thursday 31 May 2012, 02:38:47 am »

I'm having no luck setting up an IPsec VPN either. I'm using 2.5.1. The connection status is always closed.

i must be doing something wrong, because some UI elements described in the docs are not present in my setup. For instance, the docs say the user account screen should have a checkbox for protocol selection (openvpn or ipsec), and mine doesn't.

I don't have a L2TP tab at all.

I'm just trying to set up a simple VPN using PSK, so I can access my LAN remotely when I need to.

Just not working. Seems like I'm missing something entirely, but I don't know what (other than the missing UI elements!)

Can someone please help?
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #3 on: Monday 04 June 2012, 12:17:23 am »

Yes alex71, your missing something and we don't know where are you doing it as davvidde said its working and mine too (simple VPN with PSK). Search the forum and you'll find it.
Logged
PhillipS
Jr. Member
*
Offline Offline

Posts: 2


« Reply #4 on: Saturday 29 December 2012, 07:46:24 pm »

I am having the same problem. Now configured 4 Units - all the same result (so I am making the same mistake?)
Connecting 100% from IPcop to IPcop, cannot convert from IPcop to Endian due to this issue.
Using ADSL's with "All traffic" routed to "Red-interface" - can PING both side from both sides - Web-interface also working 100%

Configuration is easy and straight forward:
1) Menu -> VPN -> IPsec
2) Global settings -> Enable (activate all debug for testing)
3) Connection status and control -with "Use a pre-shared key:" and as per per IPcop
4) Firewall -> VPN Firewall turned Off

I must be missing something  Cry

I will hugely appreciate any assisting/guidance and have TeamViewer to double check my configuration.
Thank you in advance Grin

Phillip
Logged
squeezyb
Jr. Member
*
Offline Offline

Posts: 2


« Reply #5 on: Tuesday 05 February 2013, 04:18:39 am »

what platform do you have EFW running on? I had the exact same problem, but was running my servers and firewall within VMware. You have to enable the NICs to be promiscuous. After enabled, you should be able to have full connectivity
Logged
cre8tif
Jr. Member
*
Offline Offline

Posts: 1


« Reply #6 on: Monday 25 February 2013, 03:23:12 pm »

I set up an IPSec VPN in efw2.5.1 and it works perfectly. I use a pre-shared key; not a digital certificate.

hi davvidde,

did you setup the firewall policy for incoming NAT for IPSec? most FAQ and HOWTO is silent on this.
Logged
robert
Full Member
***
Offline Offline

Posts: 23


« Reply #7 on: Thursday 28 February 2013, 03:00:20 pm »

I believe site to site or Net-To-Net IPsec connections work well on EFW as long as both machines are not NATed.

But for RoadWarrior scenarios it is not so good.  There are issues with NAT-T and there is no support for secondary authentication such as Xauth.  Then there is the missing L2TP support that is in Endian's other products.

While OpenVPN would be good but EFW only supports TAP while Android, for example, only supports TUN.

(Shameless plug start)
I've fixed the IPsec VPN support and fixed all these IPsec issues and more as well as added L2TP support.  Please see my other post for more information.

After installing my changes I'm able to connect with the native VPN client in Android using IPsec with Xauth and L2TP with Certificates or PSK.
(Shameless plug end)
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #8 on: Wednesday 20 March 2013, 04:29:06 am »

Hi Robert,
glad to see someone who know what they are doing working on these problems.  Will your fix allow connection from a standard Windows client or will it require a VPN client package?
Logged
robert
Full Member
***
Offline Offline

Posts: 23


« Reply #9 on: Saturday 23 March 2013, 03:34:14 am »

My goal is to make it work without special clients on Android, iOS and Windows.  I discovered there are some issues with IPsec due to the old version of strongSwan but L2TP should work fine.
Logged
SPo
Jr. Member
*
Offline Offline

Posts: 1


« Reply #10 on: Saturday 30 March 2013, 03:28:36 am »

Hi robert,

i installed you package and i got new Options in the webinterface. I want to setup a vpn with android 4.2.2 and a preshared key (at first step).

Using endian community version 2.5.1 with your new generated ipsec package.

#  rpm -qa | grep ipsec
efw-ipsec-2.7.6-1.ossw
strongswan-ipsec-4.6.4-2.ossw

For some more infos see attached setting pictures.

If i connect via red interface I get as last entries in the System log some pluto entries like:

pluto (5367) peer requests XAUTHPSK+XAUTHSERVER authentication
pluto (5367) initial Main Mode message received on 192.168.2.3:500 but no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER

And if i take a look into the endian virtual machine  pluto config files, i see that xauth isn`t enabled.

Could you guide me through a setup process ? Do i need to set any extra firewall entries ?

Kind regards, SPo


Logged
robert
Full Member
***
Offline Offline

Posts: 23


« Reply #11 on: Monday 01 April 2013, 10:56:31 am »

Did you restart IPsec?

You can do it by clicking the button in add IPsec / L2TP users or running "restartipsec -force" at the ssh command line or restarting the system.
Logged
vinodtcr
Jr. Member
*
Offline Offline

Posts: 4


« Reply #12 on: Wednesday 08 May 2013, 03:49:49 pm »

Please let me know the location where I can download the new ipsec package for enabling L2TP support in Endian Community 2.5.1.
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #13 on: Wednesday 05 June 2013, 06:50:38 am »

Can someone point me to a walk-thru to installing Robert's packages.
Logged
sota
Full Member
***
Offline Offline

Posts: 14


« Reply #14 on: Monday 17 June 2013, 03:45:14 am »

Login in to your Endian box with Putty. You will need to add the channels first to allow the smart installer to find the package. Download Roberts ossw-repos script to add them.

Save the script ossw-repos on the Endian box and run "ossw-repos add" and "oss-repos enable"

Now update the cache by running "smart update". Once it's finished run "smart install ossw-l2tp" to get the package.

It's probably best to reboot once this completes.
Logged
Pages: [1] 2 Go Up Print 
« previous next »
Jump to:  

Page created in 0.188 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com