Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 03:48:32 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Can't start IPSEC On 2.4
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Can't start IPSEC On 2.4  (Read 39096 times)
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« on: Saturday 29 May 2010, 12:59:53 am »

All,

I just installed 2.4 after the upgrade from 2.3 hosed up my system.  I decided that rather than restore the backup I would just configure it from scratch.  I got I think most everything set up but I cannot get the IPSEC to work properly.  I have the tunnel set up but I cannot enable it.  If I check the box, then click the button that I assume is the submit button (it actually says "This field may be left blank") the checkbox just disappears and it never enabled IPSEC, it still shows up as disabled on the status screen.  How can I get this working?  Here is a picture showing the VPN screen:


http://i60.photobucket.com//h33/danodemano/ipsec.png
(Make sure you remove the double //'s)

Thanks for your help!!!
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #1 on: Saturday 29 May 2010, 02:58:02 am »

Well....I fudged it and got it to work, sort of.  I copied the "settings" file I had from my backup of 2.3 and uploaded it to /var/efw/vpn then rebooted.  IPSEC now starts and the tunnel comes up but I am not able to get through it.  From the remote site I can ping the LAN IP address of the Endian box itself but cannot ping anything else within the network.  Thoughts?

Thanks!
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #2 on: Saturday 29 May 2010, 12:39:32 pm »

So I spoke too soon.  Yes, it does in fact bring up the VPN, but now all traffic in the LAN ceases to connect to the internet.  The Endian box itself is connected but nothing else is.  I turned the VPN back off for now (by renaming that file) but would really like to get the VPN working and still have internet connectivity in my LAN.  Thoughts or suggestions?

Thanks!
Logged
andym
Jr. Member
*
Offline Offline

Posts: 7


« Reply #3 on: Saturday 29 May 2010, 04:29:14 pm »

All you have to do in this case is to do an upgrade. There are some problems with the .ISO. Just go to the command line and type efw-upgrade. You also have be registered with endian because they ask for the user during this process. The username is your email address that you provided during registration.

You cannot enable IPSec VPN because there is no Save button present Smiley

Enjoy
Logged
thanit
Jr. Member
*
Offline Offline

Posts: 4


« Reply #4 on: Sunday 30 May 2010, 12:35:02 am »

Please try this from Christian.

public.endian.com/christian/EFW-COMMUNITY-2.4-201005280528.iso

Thanit
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #5 on: Sunday 30 May 2010, 05:29:59 am »

Thanks, IPSEC is working now after I did an efw-upgrade.

However....it still seems like it kills the green connection whenever I turn it on.  The IPSEC connects, yes, but then none of the machine in my LAN can ping the green interface, let along get to the internet.  Is this another bug with the IPSEC?
Logged
andym
Jr. Member
*
Offline Offline

Posts: 7


« Reply #6 on: Sunday 30 May 2010, 06:58:55 am »

My problem is that i cannot ping or browse the remote green interface. I'm behind endian1 and the remote is behind endian2. I have a IPSec VPN between them that is working but the can't browse the remote green interface. I've put a rule in my outgoing firewall to allow SMB data packets. I also turned off IDS but still can't get in the remote network.

Behind endian1 i have an office and behind endian2 i have the file server. The office cannot get access to the server even if IPSec is working. I tried every rule possible. Please help.

Thanks
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #7 on: Sunday 30 May 2010, 07:51:10 am »

That was also an issue.  From the remote end I cannot access the machine behind the Endian box on the green interface.  But likewise, these machines cannot access the internet at all.  The tunnel shows as up and from the remote end I can ping the local endian green interface but cannot ping anything.
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #8 on: Sunday 30 May 2010, 08:07:58 am »

Let me try to explain this better....here is the setup:
|192. LAN|<==>|Endian|<==>|DSL Modem Bridged|<==>|Internet|<==>|Cisco 3640|<==>|Sonicwall|<==>|10. LAN|

With VPN disabled machines in the 192 and 10 LAN's cannot talk (obviously).  Both sides can access the internet without a problem.  When I enable the VPN, now the 10. side can talk to Endian's green interface and the tunnel shows as up on both sides.  All the machines in the 192 LAN though loose internet connectivity and can no longer ping the green interface of Endian (they also cannot talk to machines in the 10 network).  Also, machines in the 10 network cannot ping any machine (other than Endian) in the 192 LAN.  It seems like enabling the IPSEC in Endian breaks the green interface?  This was working perfectly with 2.3. 
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #9 on: Sunday 30 May 2010, 08:16:48 am »

Ok, not enabling the IPSEC, actually having a tunnel defined.  I deleted the tunnel that I had then enabled IPSEC and I'm still able to ping the green interface and have internet access.  I'm going to try to define my VPN tunnel again and see if maybe I made a mistake with it....
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #10 on: Sunday 30 May 2010, 08:30:10 am »

Filed as a bug: http://bugs.endian.com/bug_view_advanced_page.php?bug_id=2947

Creating a tunnel with IPSEC already enabled *ALSO* breaks the green interface.
Logged
andym
Jr. Member
*
Offline Offline

Posts: 7


« Reply #11 on: Sunday 30 May 2010, 07:53:30 pm »

Both my sides can access the internet. Can't access the green interface but i can access the internet from both sides.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com