Topic: EFW 3.0.5 GW2GW setup
derick@replic8.co.bw
« on: Thursday 03 December 2015, 08:38:26 pm »

Hi all


Just sticking this here in case anyone else runs into the same issues I have recently.

Say you have Site A being your OVPN server and Site B being your VPN client (or GW2GW server), here's what worked for us using 3.0.5:

1. Follow the instructions for the server (or site A) listed here: http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection

2. While you're at site A, copy the cert for use later at site B. The file you need is here (the cert we downloaded from the web UI did NOT work for some reason):
/etc/openvpn/ca/cacert.pem

3. At site B, edit /etc/openvpn/openvpnclient.conf.tmpl and change this:
custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

To this:
#custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

No idea what that line is supposed to do/ not to do, but your VPN tunnel will not get established while that line is there. Assume it's a bug with 3.0.5.

4. At site B, run this (not sure if this step is absolutely necessary, but might as well run it anyways as it was listed as a suggestion elsewhere):
ln -s /sbin/ip /bin/ip

5. Reboot EFW at site B

6. Configure the site B server, again following the instructions for the client (or site B): http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection
Just note that the certificate you need to select will be the cacert.pem file you copied earlier in step 2.


And that's it, the VPN tunnel should get established successfully.
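Steps 3 and 4 of the post above as a repeatable script, added here as an example and not part of the original post. The function names and the `.orig` backup suffix are assumptions; the file paths are the ones given in the post, and both functions take paths as arguments so they can be tried on a copy first.

```shell
#!/bin/sh
# Added example: steps 3 and 4 of the post, made repeatable.
# Function names and the ".orig" backup suffix are hypothetical.

# Step 3: comment out the active dir.d-exec hook line in a client template.
# Returns 0 if changed, 1 if no active hook line was found, 2 on I/O error.
disable_custom_hook() {
    tmpl=$1
    [ -r "$tmpl" ] || return 2
    # Match only an uncommented line, allowing leading whitespace.
    if ! grep -q '^[[:space:]]*custom "/usr/local/bin/dir\.d-exec ' "$tmpl"; then
        return 1
    fi
    # Keep the first pristine copy so the change can be reverted.
    [ -e "$tmpl.orig" ] || cp -p "$tmpl" "$tmpl.orig" || return 2
    tmp=$(mktemp) || return 2
    rc=0
    # Write back with cat so the template keeps its owner and mode.
    sed 's|^\([[:space:]]*\)\(custom "/usr/local/bin/dir\.d-exec \)|\1#\2|' \
        "$tmpl" > "$tmp" && cat "$tmp" > "$tmpl" || rc=2
    rm -f "$tmp"
    return $rc
}

# Step 4: create the symlink only when the link path is free.
# Returns 0 if the wanted link exists afterwards, 1 if something else is there.
ensure_link() {
    target=$1; link=$2
    # Already the link we want: nothing to do.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
        return 0
    fi
    # Something else occupies the path: leave it alone and report it.
    if [ -e "$link" ] || [ -L "$link" ]; then
        return 1
    fi
    ln -s "$target" "$link"
}

# Touch the real paths from the post only when asked to: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    disable_custom_hook /etc/openvpn/openvpnclient.conf.tmpl
    echo "template: exit $?"
    ensure_link /sbin/ip /bin/ip
    echo "ip link: exit $?"
fi
```

A second run reports exit 1 for the template because the line is already commented out, which makes it easy to confirm the edit survived a firmware update or reboot.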
Washimi
« Reply #1 on: Wednesday 20 January 2016, 12:59:39 am »

I connected both sides (A on B and B on A) using the GUI-provided certificate without any additional configuration on EFW. The only "trick" was: both sides run in VMs (ESX - VMware), so I allowed promiscuous mode on both sides' green interfaces.