Topic: Endian 2.5.1 OpenVPN Server and OpenVPN client behind another Endian 2.5.1
SerFingolfin
« on: Thursday 19 September 2013, 01:02:41 am »

Hi everybody.
I want to establish a VPN connection between a client (with OpenVPN software) in my LAN (behind an Endian Firewall 2.5.1) and an OpenVPN Server on a remote Endian 2.5.1.

My client configuration is:

client
dev tap
proto udp
remote <server public ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca efw-srv.pem
auth-user-pass
comp-lzo

My server configuration is:

[GENERAL SETTINGS]
OpenVPN server enabled : YES
Bridged : NO
VPN Subnet : 192.168.0.0/24 (remote GREEN is 0.x and mine is 2.x)
[ACCOUNT]
Only username and password
[ADVANCED]
Port 1194
Protocol UDP
Do not block traffic between clients CHECKED
PSK authentication CHECKED
All other options are unchecked

Outgoing firewall is disabled on both Endian
Interzone firewall is disabled on both Endian
VPN firewall is disabled on both Endian

My client connects and retrieves a valid IP, but cannot ping or access the remote machines.
Any suggestion?
Thanks in advance.

mmiat
« Reply #1 on: Thursday 19 September 2013, 04:00:00 am »

Have you tried with TCP? I remember some trouble with UDP...

And I don't have a VPN subnet, only the first and last IP address.

---------------------
IT Consultant
www.fsw.it
Hardware & Software
SerFingolfin
« Reply #2 on: Thursday 19 September 2013, 07:33:12 pm »

I tried switching to TCP (server-side and client-side) with no results...
My interface connects and picks up an IP address correctly, but I can't ping or reach the remote machines.

mmiat
« Reply #3 on: Friday 20 September 2013, 01:26:07 am »

Post your client OpenVPN logs, maybe they can be useful.

SerFingolfin
« Reply #4 on: Friday 20 September 2013, 06:59:51 pm »

Client log file attached

mmiat
« Reply #5 on: Saturday 21 September 2013, 09:02:20 pm »

My VPN server is configured like this:

[GENERAL SETTINGS]
OpenVPN server enabled : YES
Bridged : YES
Start IP address: 192.168.10.191 (remote LAN is 192.168.10.0/24 but no devices use 191-199)
End IP address: 192.168.10.199

[ACCOUNT]
Only username and password

[ADVANCED]
Port 1194
Protocol UDP
Do not block traffic between clients UNCHECKED
PSK authentication CHECKED
All other options are UNCHECKED

mmiat
« Reply #6 on: Saturday 21 September 2013, 09:27:09 pm »

I tried to replicate your configuration.

In [ADVANCED], put 192.168.2.0/24 in "Force this subnet" or similar (I have the Italian language version; anyway, it's the first option).

SerFingolfin
« Reply #7 on: Monday 23 September 2013, 05:02:04 pm »

No way: with your configuration I can see and ping only the remote Endian.
But other machines remain unreachable...
This is so weird.

mmiat
« Reply #8 on: Wednesday 02 October 2013, 08:32:30 pm »

Obvious question, but...

Is the remote Endian the gateway of the remote LAN?
Are you sure that the remote computers are configured to reply to ping from a remote network?

SerFingolfin
« Reply #9 on: Wednesday 02 October 2013, 11:09:29 pm »

Yes, both Endians are gateways for their respective LANs.
I tried updating both of them to 2.5.2, with no results.
I tried installing a simple Windows VPN, forwarding port 1723 to a client: everything works fine!
Should I quit trying with Endian's VPN?

mmiat
« Reply #10 on: Friday 04 October 2013, 06:42:06 pm »

Try:

1) Add to your client .conf:

verb 3
route 192.168.0.0 255.255.255.0 192.168.0.1

2) Post your new log.
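
An added example, not part of any post in this thread: a small Python check of the addressing in the two server setups posted above (the routed one with a VPN subnet, the bridged one with a start/end IP pool). The function name, the /24 masks read into "0.x" and "2.x", and the client LAN paired with the bridged setup are assumptions.

```python
import ipaddress

def check_vpn_addressing(bridged, server_green, client_lan,
                         vpn_subnet=None, pool=None):
    """Return a list of addressing problems for an OpenVPN server setup.

    bridged=False (routed): vpn_subnet has to be a dedicated network.
    bridged=True: pool=(first_ip, last_ip) has to sit inside the server's GREEN.
    """
    green = ipaddress.ip_network(server_green)
    lan = ipaddress.ip_network(client_lan)
    problems = []
    # Identical or overlapping LANs at both ends cannot be routed to each other.
    if green.overlaps(lan):
        problems.append(f"client LAN {lan} overlaps remote GREEN {green}")
    if bridged:
        first, last = (ipaddress.ip_address(a) for a in pool)
        if first > last:
            problems.append("pool start is after pool end")
        for addr in (first, last):
            if addr not in green:
                problems.append(f"pool address {addr} is outside GREEN {green}")
    else:
        vpn = ipaddress.ip_network(vpn_subnet)
        # In routed mode, hosts on GREEN treat an overlapping VPN address as
        # on-link and ARP for it instead of replying through the firewall.
        if vpn.overlaps(green):
            problems.append(f"VPN subnet {vpn} overlaps remote GREEN {green}")
        if vpn.overlaps(lan):
            problems.append(f"VPN subnet {vpn} overlaps client LAN {lan}")
    return problems

# Values from the first post; the /24 masks for "0.x" and "2.x" are assumed.
ROUTED = dict(bridged=False, vpn_subnet="192.168.0.0/24",
              server_green="192.168.0.0/24", client_lan="192.168.2.0/24")
# Values from Reply #5; the client LAN is a constructed value (not stated there).
BRIDGED = dict(bridged=True, pool=("192.168.10.191", "192.168.10.199"),
               server_green="192.168.10.0/24", client_lan="192.168.2.0/24")

if __name__ == "__main__":
    for name, cfg in (("routed", ROUTED), ("bridged", BRIDGED)):
        print(name, check_vpn_addressing(**cfg) or "no overlap found")
```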