Author Topic: Connected client can access EFW but no other hosts  (Read 57008 times)
j_e_anderson4

« on: Wednesday 20 May 2009, 02:57:52 am »

The rundown of what works and does not work (EFW 2.2RC3):

1. Client connects to EFW OpenVPN server, all traffic passed through OpenVPN
2. Client machine can access EFW web frontend
3. Client can SSH into EFW -> then SSH/ping from EFW into other machines on Green interface
4. Client cannot access/ping other machines on Green directly

Where have I gone wrong?
Any ideas, or am I just hopelessly clueless?

Thanks for the help (if I can be helped).

Jordan
speciall

« Reply #1 on: Monday 12 October 2009, 06:28:46 pm »

I have the same problem when setting up OpenVPN. Is there something in a firewall rule that needs to be changed?

I can connect to the EFW itself, but can't reach a server in the green zone...
gtjr92

« Reply #2 on: Tuesday 13 October 2009, 12:02:57 pm »

I have the exact same problem. I cannot access anything on green from VPN. I can't even access my Endian firewall from VPN.
I set an access rule to allow connection to the Endian firewall from VPN; it didn't work.
My IP range for VPN is on the same subnet as green, just a different range.

I also added "Push these networks" under the VPN and put my network in there; still nothing.
Anybody?
I am using free Endian.
speciall

« Reply #3 on: Friday 30 October 2009, 07:20:01 pm »

I had to go back to Untangle until I get the Endian OpenVPN setup working.
I want to use Endian because of the proxy caching feature...
mrkroket

« Reply #4 on: Saturday 31 October 2009, 04:12:01 pm »

OpenVPN works like a charm for me (both 2.3RC and 2.3 final).

Did you guys set up the VPN firewall? There is a pretty big warning on the OpenVPN tab: "Note: Traffic to this IP pool has to be filtered using the VPN firewall!"

Steps to check:
1- On the OpenVPN main tab -> check that the IP range falls inside the GREEN subnet.

2- On the OpenVPN tab -> Advanced, push your networks, DNS servers and domain.
 I pushed my GREEN network and an extra subnet that I reach via a VPN gateway on GREEN. Both nets work perfectly (I can use anything on GREEN AND anything on that extra subnet, a VPN that I routed via a static route).

3- Configure the VPN firewall. If you didn't add any rule, you won't have access to anything! As a simple rule add "Any VPN User can access anything".

4- Enable VPN firewall logging and check the logs (both Firewall and OpenVPN Service).

5- Try to determine if external VPN requests are reaching the EFW box. If they reach it, try to enable all the logs you can to determine what's happening.

OpenVPN client config must be something like:
client
float
dev tap
proto udp
port 1194
remote <<YourEFWServer>>
resolv-retry infinite
nobind
persist-key
persist-tun
ca <<FirewallCertYouDownloadFromEFW>>
auth-user-pass
pull
comp-lzo
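An added example, not part of the thread or of Endian's software: a small linter for a client config like the one posted above. It flags unknown directives, unfilled `<<...>>` placeholders, a missing `auth-user-pass`, and the absence of any server-certificate check. `remote-cert-tls`, `ns-cert-type` and `verify-x509-name` are real OpenVPN directives that the posted config does not use; whether the EFW client and server certificate support them is an assumption. The function names and the sample are constructed.

```python
# Constructed sample modelled on the thread's config; one directive is mangled on purpose.
SAMPLE = """\
client
float
dev tap
proto udp
port 1194
remote <<YourEFWServer>>
resolv-retry infinite
nobind
persist-key
persist-tun
ca <<FirewallCertYouDownloadFromEFW>>
auth-user-pa.s.s.
pull
comp-lzo
"""

# Directives used in the thread's config plus the server-verification ones.
KNOWN = {"client", "float", "dev", "proto", "port", "remote", "resolv-retry",
         "nobind", "persist-key", "persist-tun", "ca", "auth-user-pass", "pull",
         "comp-lzo", "remote-cert-tls", "ns-cert-type", "verify-x509-name"}
VERIFY = {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}

def parse(text):
    """Return [(directive, [args])], skipping blank lines and # or ; comments."""
    lines = (l.split() for l in text.splitlines())
    return [(w[0], w[1:]) for w in lines if w and w[0][0] not in "#;"]

def lint(text):
    """Return a list of human-readable findings for an OpenVPN client config."""
    rows = parse(text)
    names = {n for n, _ in rows}
    findings = []
    for name, args in rows:
        if name not in KNOWN:
            findings.append(f"unknown directive: {name}")
        if any(a.startswith("<<") and a.endswith(">>") for a in args):
            findings.append(f"placeholder not filled in: {name}")
    if "auth-user-pass" not in names:
        findings.append("no auth-user-pass: client will not prompt for credentials")
    if not names & VERIFY:
        findings.append("server certificate is not verified (e.g. remote-cert-tls server)")
    if ("dev", ["tap"]) in rows:
        findings.append("dev tap: layer-2 (Ethernet) tunnel")
    return findings
```

Without a server-certificate check the client accepts any certificate signed by the same CA, so the last two findings are worth reviewing even when the tunnel already works.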
endiant

« Reply #5 on: Monday 02 November 2009, 05:11:27 pm »

> OpenVPN works like a charm for me (both 2.3RC and 2.3 final).
>
> ......

I checked all of the settings and still couldn't ping or RDP (mstsc); however, SMB was working..??
I could see the VPNFW was allowing traffic though...
I then added a source NAT rule to allow "ALL OpenVPN users to Green" and all traffic worked...
speciall

« Reply #6 on: Thursday 07 January 2010, 05:55:27 am »

Hi, I tested with another Endian OpenVPN...

Now I added the VPN firewall but still the same result:

source: any, destination: any : allow, service: any...

Any other tips on this?
The Endian OpenVPN is running on VMware ESXi; Endian itself is working well.
The computers to connect to are all VMs...

Could this be the problem?
mogyiman

« Reply #7 on: Friday 15 January 2010, 05:54:41 am »

> Hi, I tested with another Endian OpenVPN...
>
> Now I added the VPN firewall but still the same result:
>
> source: any, destination: any : allow, service: any...
>
> Any other tips on this?
> The Endian OpenVPN is running on VMware ESXi; Endian itself is working well.
> The computers to connect to are all VMs...
>
> Could this be the problem?

In case the VMs are Windows machines, you could check this topic covering the same issue:
http://efwsupport.com/index.php?topic=827.0

Basically you need to either define a route to push in the Endian OpenVPN server or manually define one after the connection has been established -> the gateway will be the internal green IP address of the Endian FW.
bucho

« Reply #8 on: Saturday 13 February 2010, 04:00:00 am »

The issue is not with Endian but rather with VMware's default network configuration, which does not allow promiscuous mode traffic. You need to disable that feature, which, keep in mind, allows all VMs in that network switch/VLAN to see the traffic of every other device (kind of like turning the switch into a hub).

1) Go to the Configuration tab and select Networking.

2) On the vSwitch on which you want to disable promiscuous mode, click on Properties.
(If you need to do this per VLAN as well, just click on the VLAN and then Edit instead of the vSwitch.)

3) On the pop-up window, click on Edit and select the Security tab.
jeliasson

« Reply #9 on: Tuesday 10 May 2011, 06:46:43 am »

Can anyone confirm bucho's statement regarding promiscuous mode?
jeliasson

« Reply #10 on: Wednesday 11 May 2011, 03:08:48 am »

> Can anyone confirm bucho's statement regarding promiscuous mode?

I can confirm that myself. It did solve the problem!
lucianovs

« Reply #12 on: Tuesday 28 June 2011, 06:13:56 am »

Hi Guys!!!

You just need to create a firewall rule:

CLIENT2ENDIAN:
GO TO FIREWALL - VPN TRAFFIC (ENABLE)

CREATE A RULE LIKE:

SOURCE: OPENVPN: ANY
DESTINATION: ANY
POLICY: ALLOW


GW2GW:
CREATE A RULE LIKE:
SOURCE IP: ip/mask local
DESTINATION: ip/mask remote
POLICY: ALLOW


I think this can help!
=]