Topic: openvpn gw 2 gw server tun client tap (Read 15169 times)

amucha
Jr. Member, Posts: 1
« on: Thursday 17 December 2009, 07:32:00 pm »

hello all,

i try to connect two networks. one is our network, protected by an endian fw. the second is a network with an openvpn srv.
it should work in such a way that the office computers in network one can access the machines in network two.
(the opposite direction is not so important)
so the first step was to manually build up a vpn tunnel. the admin of network two uses this openvpn srv config:

#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local ***.***
dev tun
tun-mtu 1400
proto tcp
port 443
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 192.168.254.0 255.255.255.0
push "route 192.168.8.0 255.255.254.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
push "dhcp-option DOMAIN ***.***.**"
push "dhcp-option DNS 192.168.9.4"
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3

the client configuration is this:

tls-client
client
dev tun
proto tcp
tun-mtu 1400
remote ***.***.** ***
pkcs12 account.p12
cipher BF-CBC
verb 3
ns-cert-type server


ok. if i use this client configuration from my office computer (windows xp) everything is fine.
i can ping the hosts in the second network. even names are resolved correctly.
remote desktop etc. pp. no problem.
ok. i stopped this connection. the next step was to establish a connection via the endian fw.
so i configured an OpenVPN client (gw2gw).
set up in the extended config section:
connection type: routed
block dhcp answers from tunnel: yes
protocol: tcp

then i started the network. the connection could be established. the admin in the second
network confirmed this (he could see the connection too).
but no ping or any further access was possible.
i tried some other configurations but the behaviour was the same every time.
then i checked the configuration the endian fw generated for my client.

here it is:

client
pull
comp-lzo
nobind
resolv-retry infinite
dev tap2
pkcs12 <cert>
ns-cert-type server
proto tcp
remote <host:port>
writepid /var/run/openvpn/client_.pid
up-delay
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/"
down-pre
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.client.d/"

the first thing is that the client uses the tap device (for the routed and also the bridged connection type).

is there a chance to tell the endian fw that it should use the tun device?
is it necessary to add additional routes / rules, or is this done by the endian fw scripts?

many thanks in advance

andreas.
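As an added example (not from the post and not Endian's or ipcop's code), a small Python check that parses the two OpenVPN configs quoted above and reports the peer-level mismatches that explain a tunnel which connects but passes no traffic: dev tun on the server against dev tap on the Endian-generated client, a differing proto, and comp-lzo being set on one side only, which is a second mismatch visible in the quoted configs. The embedded configs are constructed from the relevant lines of the post, with the placeholders kept.

```python
import re

# Constructed from the configs quoted above: the server side and the client
# config Endian generated for the gw2gw connection (relevant lines only).
SERVER_CONF = """
dev tun
proto tcp
server 192.168.254.0 255.255.255.0
push "route 192.168.8.0 255.255.254.0"
"""

ENDIAN_CLIENT_CONF = """
client
comp-lzo
dev tap2
proto tcp
remote <host:port>
"""

def parse_conf(text):
    """Map option -> list of argument strings; '#'/';' comments and blanks are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *rest = line.split(None, 1)
        opts.setdefault(name, []).append(rest[0] if rest else "")
    return opts

def dev_type(opts):
    """'tun' or 'tap': from 'dev-type' if set, else from the 'dev tunX' / 'dev tapX' name."""
    if "dev-type" in opts:
        return opts["dev-type"][0]
    m = re.match(r"(tun|tap)", opts.get("dev", [""])[0])
    return m.group(1) if m else "unknown"

def check_compat(server, client):
    """Mismatches that let the TLS session come up while no traffic crosses the tunnel."""
    s, c = parse_conf(server), parse_conf(client)
    problems = []
    sd, cd = dev_type(s), dev_type(c)
    if sd != cd:
        problems.append(f"dev type mismatch: server {sd} vs client {cd}")
    # tcp-server pairs with tcp-client, so compare only the transport name
    sp, cp = (o.get("proto", ["udp"])[0].split("-")[0] for o in (s, c))
    if sp != cp:
        problems.append(f"proto mismatch: server {sp} vs client {cp}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo set on one side only")
    return problems
```

Run against the two quoted configs it reports the tun/tap and comp-lzo mismatches; with the client changed to dev tun and comp-lzo removed it reports nothing, which is the state the routing question in the post starts from.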
Saltee
Jr. Member, Posts: 8
« Reply #1 on: Thursday 07 January 2010, 05:53:40 am »

sounds like a routing problem - ensure you're pushing your routes correctly