Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 09:22:47 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Open VPN Gateway to Gateway (help...)
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Open VPN Gateway to Gateway (help...)  (Read 17490 times)
tdgtech
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 18 March 2011, 06:43:55 am »

Hi,

I'm trying to set up a G-T-G connection with Open VPN between two endian units (1 UTM Mini and One Office 4i) between two office locations.

 Both offices are setup with different subnets (Office 1 is 192.168.22.x and Office 2 is 192.168.10.x)

I can get a connection up between them with Open VPN but it does not seem to pass traffic from one network to another UNLESS I choose enable NAT in the client side settings.  If i do this, it only passes traffic in one direction (from client to server).

I have tried every setting I can think of:  Global Push network, Don't block traffic between clients, etc...  Any Idea what I might be missing?  i feel like it should be something simple...
I have disabled the VPN firewall on both sides. 

Do i need to do anything under the main Port Forwarding/NAT for incoming/outgoing?  I feel like this might be the problem but I don't know enough about NAT to know for sure.

In the end I made two tunnels, one with office 1 as the server and another with office 2 as the server.  Both of these with NAT enabled on the client.  This is working now with traffic in two directions.  However, i have read that this is not a preferred option.  Also,  I have to connect in a third office next. 

I would prefer to just use one Endian box as OpenVPN server.  What's the right way to do this?


Any help would be MUCH appreciated.

Thanks!!

Trevor

Logged
lo
Full Member
***
Offline Offline

Posts: 27


« Reply #1 on: Monday 21 March 2011, 07:05:29 am »

- does a ping from subnet A to subnet B works?
- which is the output of traceroute from both the 4i?

Thanks

Lo
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #2 on: Friday 25 March 2011, 04:07:08 am »

Also try to not disable VPN firewall, instead create an allow all rule.

Next, check where the traffics are going thru.
 tracert and efw logs will give you an idea of where your traffic is going.
Logged
Infidel
Jr. Member
*
Offline Offline

Posts: 1


« Reply #3 on: Monday 18 April 2011, 07:06:59 am »

Check your routing table on both sides. I have the same problem: automatic route pushing not working. Solved it by adding static route to remote network and used connected client address in VPN pool as a gateway. (Network>Routing. Example: If VPN address pool is 128.184.0.0, server-side IP is 128.184.0.1, client IP is 128.184.0.2. Add route to %client LAN% throughout gateway 128.184.0.2. It works for me. If you assign static IP for this client, connection will work every time client connects. it is possible, you should do same on client side. In my case, client received routes to server-side network) 
I'm testing this in virtualbox. ( efw & PDC in first network, efw & PC(winxp) in second). PC successfully joined domain. AD and other stuff functioning correctly.
 
IPsec net-to-net works fine in two clicks.

P.S. Sorry for my english  Shocked

Logged
bytehd
Full Member
***
Offline Offline

Posts: 10


« Reply #4 on: Sunday 08 May 2011, 05:37:31 am »

Clients behind the Master server no nothing about clients behind the other EFW/OpenVPN branch office gateways.
Esp if other devices or Win servers dole out your ips via DHCP. (or you are using static private IPs)
You need to create static routes for central users to see remote branch users.
AD can push them down in a login script, but sometime road warriors float between AD domains...

EFW/OPENVPN can push routes to other gateways, but workstations may not be getting these routes from endian.
Are your clients Default gateways the EFW boxes?

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com