Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 11:07:36 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Openvpn and routing
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Openvpn and routing  (Read 14835 times)
Luke
Jr. Member
*
Offline Offline

Posts: 2


« on: Tuesday 10 November 2009, 02:44:56 am »

Hi everyone :-)
I'm learning using this firewall and it seem very cool. I'm working on some idea but I've got a big problem, this is it:

I've got an endian net 192.168.9.0/24 in the green zone
I've created a remote net 192.168.10.0/29
I've got a local net 172.24.32.0/23 and a 192.168.3.0/24.

I configured the firewall with the main ethernet ip 172.24.32.114/23 and two other IP: 192.168.9.254/24, IP 192.168.3.253/24 (GREEN ZONE)
The Open VPN Server is configured for local IP 192.168.9.10/24 and remote lan 192.168.10.0/29
OpenVPN works fine with the two subnet configured: from the 192.168.9.x I can ping the 192.168.10.x and vice versa.
The real problem come from the other two subnet. With the EFW set as gateway, a PC with address 192.168.3.x (or 172.24.32.x) can't ping the 192.168.10.x (the remote lan).

Someone have any suggestion? (All Endian Firewall are disabled)
Thank you so much for any suggestion
;-)
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Tuesday 10 November 2009, 11:41:45 am »

On VPN->OpenVPN-> Advanced

Push these networks:
192.168.9.0/24
172.24.32.0/23
192.168.3.0/24

And restart. If that doesn't work try not disabling the firewalls. I'm not sure if disabled means "Deny all" or "Allow all". Just create rules to allow al traffic in both VPN and interzone firewalls, in & out.

Use traceroute commands to detect what path your traffic is going.

From a 192.168.3.x machine use the following DOS command:
tracert 192.168.10.x
And check what route your traffic uses to reach that net. If it tries to go to the internet, something is wrong, traffic should enter openvpn after entering EFW, and going out on the .10.x net, so you shouldn't have internet ip's on your traceroute.
Logged
Luke
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Tuesday 10 November 2009, 06:59:36 pm »

Hi Mr. Kroket, thank you for your answer but It doesn't work fine. This is what I've done:
In Firewall->InterZone Traffic I've made a rule GREEN to ANY -> Any Protocol/port
In Firewall->VPNTraffic I've made a rule like Source->Interface1, Interface 5 Destination->GREEN+OPENVPN Any destination (on interface 1 and 5 I've got the switch with the 3 green zone: 192.168.3.0/24, 192.168.9.0/24, 172.24.32.0/23

In VPN -> Advanced
I've forced the three network 192.168.3.0/24, 192.168.9.0/24, 172.24.32.0/23

Make the VPN and nothing changed.
I've done a tracert to the 192.168.10.2 , the route arrived to the EFW but it stops there.
In the firewall log of EFW I see the packet from my pc (172.24.32.x/23) to the 192.168.10.2 that are allowed, but as I've just said the ping doesn't works.
Thank you again if you have any suggestion
Luke
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com