Topic: efw 2.4 - Strange behavior OpenVPN (Read 17958 times)
bautzen
efw 2.4 - Strange behavior OpenVPN « on: Saturday 12 June 2010, 11:18:01 pm »
Hi to all, I'm new here and my English is not so good; however, I will try to explain my situation because I'm sure that I have made something wrong somewhere.
SCENARIO:
Internal clients (DHCP) ----- [SBS 2003 Premium with ISA 2004] ----------- [EFW 2.4 full updated] ------------ [Zyxel ADSL] ----------------- Internet
10.1.0.0/16 <-----------------> NIC1 10.1.0.6
default GW: 10.1.0.6 |
default DNS: 10.1.0.6 (ISA 2004 SP2)
default WINS: 10.1.0.6 |
| -> NIC2 172.16.0.200 --------> ORANGE: 172.16.0.254
|
|
|
|
RED: 192.168.0.253 ----(GW)-----> 192.168.0.254
|
|
|
|--- Dynamic ISP IP: 123.123.123.123
<-----------------------------------------------------------------------> GREEN: 10.3.0.254/16
10.1.0.254/16 (Alias IP)
Now I would like to permit remote clients to connect to the internal LAN (10.1.0.0/16) through the EFW OpenVPN server.
So I have set up the EFW to assign a dynamic pool of IPs from 10.3.0.100 to 10.3.0.200.
I use the OpenVPN client GUI 2.0.9 from openvpn.se.
STRANGE BEHAVIOR:
- The remote VPN client connects correctly and receives a dynamic IP: 10.3.0.100, 10.3.0.101, 10.3.0.102, etc.
- The remote PC can access the internal LAN: ping works and other services too. Obviously the internal LAN PCs receive a static route from DHCP (option 249) like this: route ADD 10.3.0.0 MASK 255.255.0.0 10.1.0.254
- THE PING FROM THE INTERNAL LAN TO THE REMOTE VPN CLIENT doesn't work at all. When the remote client is connected with 10.3.0.102 (for example), from an internal LAN PC (example: 10.1.0.115) I can ping the remote PC (10.3.0.102) only if I write ping 10.3.0.100!!!!!
I post my configuration:
OPENVPN SERVER:
; daemon configuration
daemon
mode server
tls-server
proto tcp
port 1827
multihome
user openvpn
group openvpn
cd /var/openvpn
client-config-dir clients
script-security 2 system
; tunnel configuration
dev tap0
server-bridge 10.3.0.254 255.255.0.0 10.3.0.100 10.3.0.200
push "route-gateway 10.3.0.254"
push "route 10.1.0.0 255.255.0.0"
passtos
comp-lzo
management 127.0.0.1 5555
keepalive 8 30
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
persist-local-ip
persist-remote-ip
; logging and status
writepid /var/run/openvpn/openvpn.pid
ifconfig-pool-persist openvpn.leases
status /var/log/openvpn/openvpn-status.log
verb 1
client-connect "/usr/local/bin/dir.d-exec /etc/openvpn/client-connect.d/"
client-disconnect "/usr/local/bin/dir.d-exec /etc/openvpn/client-disconnect.d/"
; certificates and authentication
dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12
client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name
client-to-client
OPENVPN CLIENT CONFIG:
client
dev tap
proto tcp
;proto udp
remote XXXXXX.dyndns.org 1827
resolv-retry infinite
nobind
persist-key
persist-tun
ca firewall.pem
auth-user-pass
comp-lzo
verb 3
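The server configuration posted above is the kind of file a reviewer lints before chasing reachability problems. The following added example (my code, not Endian's and not the poster's) parses an OpenVPN server configuration in the format shown, reports the settings that affect the security posture (client-cert-not-required, a 1024-bit dh file, script-security 2 with the system flag, client-to-client, verb 1), and checks that the server-bridge pool lies inside the bridge subnet and that no pushed route overlaps it. SAMPLE_CONFIG carries the security- and routing-relevant directives from the posted configuration; the severity labels are my own review scale.

```python
"""Audit an OpenVPN server configuration for security-relevant settings and for
server-bridge / pool consistency.

Added example: not Endian's code and not the poster's. SAMPLE_CONFIG carries the
security- and routing-relevant directives from the server configuration posted above.
"""
import ipaddress
import re

SAMPLE_CONFIG = """\
; daemon configuration (tuning, persistence and log-path directives omitted)
daemon
mode server
tls-server
proto tcp
port 1827
script-security 2 system
; tunnel configuration
dev tap0
server-bridge 10.3.0.254 255.255.0.0 10.3.0.100 10.3.0.200
push "route-gateway 10.3.0.254"
push "route 10.1.0.0 255.255.0.0"
verb 1
client-to-client
; certificates and authentication
dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12
client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name
"""


def parse_config(text):
    """Return [(directive, [args]), ...]. Lines starting with ';' or '#' are comments;
    a double-quoted argument (as in push "route ...") is kept as one argument."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        entries.append((tokens[0], tokens[1:]))
    return entries


def audit(entries):
    """Return [(severity, directive, message), ...] for settings worth a second look."""
    by_name = {}
    for name, args in entries:
        by_name.setdefault(name, []).append(args)
    findings = []
    if "client-cert-not-required" in by_name:
        findings.append(("high", "client-cert-not-required",
                         "no client certificate: a username/password alone is enough to "
                         "connect (deprecated directive; prefer per-client certificates)"))
    for args in by_name.get("dh", []):
        m = re.search(r"dh(\d+)", args[0])
        if m and int(m.group(1)) < 2048:
            findings.append(("medium", "dh",
                             f"{m.group(1)}-bit Diffie-Hellman parameters; 2048 bits is the usual minimum"))
    for args in by_name.get("script-security", []):
        if args and args[0] == "2" and "system" in args[1:]:
            findings.append(("low", "script-security",
                             "level 2 with the deprecated 'system' flag: hooks run through system()"))
    if "client-to-client" in by_name:
        findings.append(("info", "client-to-client",
                         "VPN peers can reach each other directly, bypassing firewall rules"))
    for args in by_name.get("verb", []):
        if args and args[0].isdigit() and int(args[0]) < 3:
            findings.append(("info", "verb",
                             f"verbosity {args[0]} leaves little in the log for incident review"))
    return findings


def check_bridge(entries):
    """Verify that gateway and pool bounds of server-bridge lie inside the bridge subnet,
    and list pushed routes overlapping that subnet (it is already on-link over the tap)."""
    bridge, pool_ok = None, None
    for name, args in entries:
        if name == "server-bridge" and len(args) == 4:
            gw, mask, first, last = args
            bridge = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
            pool_ok = all(ipaddress.ip_address(a) in bridge for a in (gw, first, last))
    pushed = [ipaddress.ip_network("/".join(args[0].split()[1:3]))
              for name, args in entries
              if name == "push" and args and args[0].startswith("route ")]
    return {
        "bridge_network": str(bridge) if bridge else None,
        "pool_in_bridge_subnet": pool_ok,
        "pushed_routes": [str(r) for r in pushed],
        "routes_overlapping_bridge": [str(r) for r in pushed if bridge and r.overlaps(bridge)],
    }


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for sev, directive, msg in audit(cfg):
        print(f"[{sev:>6}] {directive}: {msg}")
    print(check_bridge(cfg))
```

Run against the posted directives, the audit flags the five settings named above and the bridge check reports the pool 10.3.0.100-10.3.0.200 inside 10.3.0.0/16 with the pushed 10.1.0.0/16 route not overlapping it; against a configuration with a 2048-bit dh file, verb 3 and plain script-security 2 it reports nothing.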
bautzen
Re: efw 2.4 - Strange behavior OpenVPN « Reply #1 on: Saturday 12 June 2010, 11:56:35 pm »
I have created a "source NAT" too, as follows:
[SOURCE] ALL (OpenVPN Clients)
[DESTINATION] GREEN
[SERVICE] Any
[NAT IN] Auto
But it doesn't resolve my issue.
From the remote PC (10.3.0.150)
I can:
- ping the internal LAN 10.1.0.0/16
- ping SBS 2003 (10.1.0.6)
- VNC to SBS 2003 (10.1.0.6) and other servers with a static route to 10.3.0.0 added manually
I can't:
- VNC to internal PCs with an IP received from the DHCP server
From the internal LAN (10.1.0.0/16):
- If I ping the remote VPN PC at 10.3.0.150 I receive:
Reply from 10.1.0.254: Destination host unreachable.
- If I ping the same remote VPN PC at 10.3.0.100 (instead of 10.3.0.150) the ping works fine and I can reach the remote PC with VNC, for example.
- Same situation if I ping the remote PC from the SBS server. The difference is that the remote PC can VNC to the SBS correctly even if the SBS is not able to ping the remote host. Instead the remote PC is not able to VNC to the internal PCs with IPs assigned from DHCP.
I post the ipconfig /ALL of the SBS 2003:
Host Name . . . . . . . . . . . . : server01
Primary DNS Suffix . . . . . . . : xxxx.local
Node Type . . . . . . . . . . . . : Unknow
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxxx.local
Ethernet adapter LAN-SBS:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMWare accelerated AMD PCNet adapterr
Physical Address. . . . . . . . . : 00-17-A4-8F-AF-3E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.0.6
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
Primary WINS Server . . . . . . . : 10.1.0.6
Ethernet adapter LAN-DMZ:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMWare accelerated AMD PCNet adapterr
Physical Address. . . . . . . . . : 00-17-A4-8F-AF-4E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.254
DNS Servers . . . . . . . . . . . : 172.16.0.254
Primary WINS Server . . . . . . . : 10.1.0.6
NetBIOS over TCPIP . . . . . . . : disabled
bautzen
Re: efw 2.4 - Strange behavior OpenVPN « Reply #2 on: Sunday 13 June 2010, 12:10:02 am »
ROUTING TABLE OF SBS:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.0.254 172.16.0.200 10
10.1.0.0 255.255.0.0 10.1.0.6 10.1.0.6 10
10.1.0.6 255.255.255.255 127.0.0.1 127.0.0.1 10
10.1.0.109 255.255.255.255 127.0.0.1 127.0.0.1 50
10.3.0.0 255.255.0.0 10.1.0.254 10.1.0.6 1
10.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.0.0 255.255.255.0 172.16.0.200 172.16.0.200 10
172.16.0.200 255.255.255.255 127.0.0.1 127.0.0.1 10
172.16.255.255 255.255.255.255 172.16.0.200 172.16.0.200 10
224.0.0.0 240.0.0.0 10.1.0.6 10.1.0.6 10
224.0.0.0 240.0.0.0 172.16.0.200 172.16.0.200 10
255.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 1
255.255.255.255 255.255.255.255 172.16.0.200 172.16.0.200 1
Default Gateway: 172.16.0.254
===========================================================================
Persistent Routes:
None
bautzen
Re: efw 2.4 - Strange behavior OpenVPN « Reply #3 on: Sunday 13 June 2010, 12:13:41 am »
Where is my mistake?
Is it something related to ISA 2004? (I have only added the subnet 10.3.0.0/16 to the internal network.)
Maybe I have to add 10.3.0.0 netmask 255.255.255.0 instead of 255.255.0.0?
Thank you all for the attention.
Sincere regards,
Patrick
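Reply #3 asks whether the static route for 10.3.0.0 should carry a /24 mask instead of /16. The following added example (my code, not from the thread and not Endian's) loads the SBS 2003 routing table quoted in Reply #2 and performs the longest-prefix, lowest-metric lookup that Windows applies, so one can see which entry a given destination selects. It shows that 10.3.0.150 and 10.3.0.100 select the same entry and next hop (10.1.0.254 via 10.1.0.6), that a /24 would still cover the whole 10.3.0.100-10.3.0.200 pool from the first post, and that a /24 would stop covering the rest of 10.3.0.0/16. The table and the pool bounds are taken from the thread; the probe addresses 8.8.8.8 and 10.3.1.5 are constructed for the demonstration. Which entry the lookup selects says nothing about what the firewall or ISA does with the packet afterwards; the thread does not resolve that.

```python
"""Longest-prefix-match lookup over a Windows 'route print' table.

Added example, not from the thread and not Endian's. ROUTE_PRINT is the SBS 2003
routing table quoted in Reply #2; the pool 10.3.0.100-10.3.0.200 comes from the
first post; 8.8.8.8 and 10.3.1.5 are constructed probe addresses.
"""
import ipaddress

ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.0.254 172.16.0.200 10
10.1.0.0 255.255.0.0 10.1.0.6 10.1.0.6 10
10.1.0.6 255.255.255.255 127.0.0.1 127.0.0.1 10
10.1.0.109 255.255.255.255 127.0.0.1 127.0.0.1 50
10.3.0.0 255.255.0.0 10.1.0.254 10.1.0.6 1
10.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.0.0 255.255.255.0 172.16.0.200 172.16.0.200 10
172.16.0.200 255.255.255.255 127.0.0.1 127.0.0.1 10
172.16.255.255 255.255.255.255 172.16.0.200 172.16.0.200 10
224.0.0.0 240.0.0.0 10.1.0.6 10.1.0.6 10
224.0.0.0 240.0.0.0 172.16.0.200 172.16.0.200 10
255.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 1
255.255.255.255 255.255.255.255 172.16.0.200 172.16.0.200 1
"""


def parse_routes(text):
    """Turn 'route print' lines into dicts; the header and any non-route line is skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue
        routes.append({"network": net, "gateway": parts[2],
                       "interface": parts[3], "metric": int(parts[4])})
    return routes


def lookup(routes, dst):
    """Return (network, gateway, interface) of the most specific matching route,
    breaking ties on the lowest metric; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))
    return str(best["network"]), best["gateway"], best["interface"]


def replace_route(routes, old, new):
    """Return a copy of the table with the entry for network `old` re-keyed to `new`,
    e.g. to try the /24 mask asked about in Reply #3 without touching the server."""
    old_net, new_net = ipaddress.ip_network(old), ipaddress.ip_network(new)
    return [dict(r, network=new_net) if r["network"] == old_net else r for r in routes]


def pool_covered(routes, first, last):
    """True if every address of the VPN pool selects a route other than the default."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    for i in range(lo, hi + 1):
        hit = lookup(routes, str(ipaddress.ip_address(i)))
        if hit is None or hit[0] == "0.0.0.0/0":
            return False
    return True


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    table24 = replace_route(table, "10.3.0.0/16", "10.3.0.0/24")
    for dst in ("10.3.0.150", "10.3.0.100", "10.3.1.5", "8.8.8.8"):
        print(f"{dst:>12}  /16 table: {lookup(table, dst)}   /24 table: {lookup(table24, dst)}")
    print("pool covered, /16:", pool_covered(table, "10.3.0.100", "10.3.0.200"))
    print("pool covered, /24:", pool_covered(table24, "10.3.0.100", "10.3.0.200"))
```

With the /16 entry both 10.3.0.150 and 10.3.0.100 resolve to 10.3.0.0/16 via 10.1.0.254 on 10.1.0.6; with the /24 entry they resolve to 10.3.0.0/24 via the same next hop, the pool is still fully covered, but 10.3.1.5 falls through to the default route 172.16.0.254.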