Author Topic: Does anyone know if VPN Routing works in 2.5.1??  (Read 10838 times)
ChiefEngr
« on: Thursday 09 August 2012, 04:58:01 am »

After looking through the forum, I see a lot of people having the same problem I am having -- trying to route traffic between OpenVPN Users and specific zones or servers.  Either it doesn't work, or there is some subtle thing we are all doing wrong.

Here's my particular situation:

My goal is to restrict the internal endpoints that each VPN user can access. In some cases, these will be DMZ (Orange) servers, while in other cases, the VPN user will have access to the entire DMZ (Orange) and LAN (Green) networks.  VPN users do not need to access the WAN (Red) network through the tunnel.

I've confirmed that OpenVPN is installed and working properly on my EFW system and on a client computer by enabling the OpenVPN server, bridging it to the GREEN Zone, and setting a dynamic IP range in my LAN's subnet. I also created a sample user (user.green) with no Client routing or push configurations set.  From an external network, I am able to establish a tunnel and freely access all of the endpoints on my LAN.

For my real application, consider the case of two more users: user.orange and user.restricted. The goal is for:

> user.green to be able to access the entire LAN (Green Zone)
> user.orange to be able to access the entire DMZ (Orange Zone)
> user.restricted to be able to access only ONE specific server (which could be in either the LAN or DMZ)

Here’s what I’ve done (with no success)…

1) Changed the OpenVPN Server configuration to NOT bridged, and assigned a VPN Subnet that is not within any of my internal (LAN or DMZ) subnets.

2) Enabled the VPN Firewall (under Firewall > VPN Traffic).

3) Added a new VPN Firewall Rule:
     Source: OpenVPN User “user.green”
     Destination: Zone GREEN
     Any service or Port
     Action: ALLOW

After restarting and establishing the OpenVPN Connection, user.green cannot access anything anywhere.

I have tried fiddling with all sorts of rules, users, routing – all with no joy.


Can anyone point me in the right direction?? Or, can this software simply NOT do what I am trying to accomplish??


Thanks in advance for any assistance anyone can provide.