EFW Support

Support => VPN Support => Topic started by: nir1978 on Tuesday 24 April 2012, 04:34:47 pm



Title: VPN not working on EFW community 2.5.1
Post by: nir1978 on Tuesday 24 April 2012, 04:34:47 pm
Im  trying to create a site to site as well as roaming VPN on endian 2.5.1 using openVPN as well as IPSec, but none are working.

I tried lots of configurations and resets.

I want to know if IPSec is working on community version.


Title: Re: VPN not working on EFW community 2.5.1
Post by: davvidde on Thursday 26 April 2012, 09:05:28 am
I set up an IPSec VPN in efw2.5.1 and it works perfectly. I use a pre-shared key; not a digital certificate.


Title: Re: VPN not working on EFW community 2.5.1
Post by: alex71 on Thursday 31 May 2012, 02:38:47 am
I'm having no luck setting up an IPsec VPN either. I'm using 2.5.1. The connection status is always closed.

i must be doing something wrong, because some UI elements described in the docs are not present in my setup. For instance, the docs say the user account screen should have a checkbox for protocol selection (openvpn or ipsec), and mine doesn't.

I don't have a L2TP tab at all.

I'm just trying to set up a simple VPN using PSK, so I can access my LAN remotely when I need to.

Just not working. Seems like I'm missing something entirely, but I don't know what (other than the missing UI elements!)

Can someone please help?


Title: Re: VPN not working on EFW community 2.5.1
Post by: kashifmax on Monday 04 June 2012, 12:17:23 am
Yes alex71, your missing something and we don't know where are you doing it as davvidde said its working and mine too (simple VPN with PSK). Search the forum and you'll find it.
(http://s19.postimage.org/ghhznfitf/vpn_psk.png)


Title: Re: VPN not working on EFW community 2.5.1
Post by: PhillipS on Saturday 29 December 2012, 07:46:24 pm
I am having the same problem. Now configured 4 Units - all the same result (so I am making the same mistake?)
Connecting 100% from IPcop to IPcop, cannot convert from IPcop to Endian due to this issue.
Using ADSL's with "All traffic" routed to "Red-interface" - can PING both side from both sides - Web-interface also working 100%

Configuration is easy and straight forward:
1) Menu -> VPN -> IPsec
2) Global settings -> Enable (activate all debug for testing)
3) Connection status and control -with "Use a pre-shared key:" and as per per IPcop
4) Firewall -> VPN Firewall turned Off

I must be missing something  :'(

I will hugely appreciate any assisting/guidance and have TeamViewer to double check my configuration.
Thank you in advance ;D

Phillip


Title: Re: VPN not working on EFW community 2.5.1
Post by: squeezyb on Tuesday 05 February 2013, 04:18:39 am
what platform do you have EFW running on? I had the exact same problem, but was running my servers and firewall within VMware. You have to enable the NICs to be promiscuous. After enabled, you should be able to have full connectivity


Title: Re: VPN not working on EFW community 2.5.1
Post by: cre8tif on Monday 25 February 2013, 03:23:12 pm
I set up an IPSec VPN in efw2.5.1 and it works perfectly. I use a pre-shared key; not a digital certificate.

hi davvidde,

did you setup the firewall policy for incoming NAT for IPSec? most FAQ and HOWTO is silent on this.


Title: Re: VPN not working on EFW community 2.5.1
Post by: robert on Thursday 28 February 2013, 03:00:20 pm
I believe site to site or Net-To-Net IPsec connections work well on EFW as long as both machines are not NATed.

But for RoadWarrior scenarios it is not so good.  There are issues with NAT-T and there is no support for secondary authentication such as Xauth.  Then there is the missing L2TP support that is in Endian's other products.

While OpenVPN would be good but EFW only supports TAP while Android, for example, only supports TUN.

(Shameless plug start)
I've fixed the IPsec VPN support and fixed all these IPsec issues and more as well as added L2TP support.  Please see my other post for more information.

After installing my changes I'm able to connect with the native VPN client in Android using IPsec with Xauth and L2TP with Certificates or PSK.
(Shameless plug end)


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Wednesday 20 March 2013, 04:29:06 am
Hi Robert,
glad to see someone who know what they are doing working on these problems.  Will your fix allow connection from a standard Windows client or will it require a VPN client package?


Title: Re: VPN not working on EFW community 2.5.1
Post by: robert on Saturday 23 March 2013, 03:34:14 am
My goal is to make it work without special clients on Android, iOS and Windows.  I discovered there are some issues with IPsec due to the old version of strongSwan but L2TP should work fine.


Title: Re: VPN not working on EFW community 2.5.1
Post by: SPo on Saturday 30 March 2013, 03:28:36 am
Hi robert,

i installed you package and i got new Options in the webinterface. I want to setup a vpn with android 4.2.2 and a preshared key (at first step).

Using endian community version 2.5.1 with your new generated ipsec package.

#  rpm -qa | grep ipsec
efw-ipsec-2.7.6-1.ossw
strongswan-ipsec-4.6.4-2.ossw

For some more infos see attached setting pictures.

If i connect via red interface I get as last entries in the System log some pluto entries like:

pluto (5367) peer requests XAUTHPSK+XAUTHSERVER authentication
pluto (5367) initial Main Mode message received on 192.168.2.3:500 but no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER

And if i take a look into the endian virtual machine  pluto config files, i see that xauth isn`t enabled.

Could you guide me through a setup process ? Do i need to set any extra firewall entries ?

Kind regards, SPo




Title: Re: VPN not working on EFW community 2.5.1
Post by: robert on Monday 01 April 2013, 10:56:31 am
Did you restart IPsec?

You can do it by clicking the button in add IPsec / L2TP users or running "restartipsec -force" at the ssh command line or restarting the system.


Title: Re: VPN not working on EFW community 2.5.1
Post by: vinodtcr on Wednesday 08 May 2013, 03:49:49 pm
Please let me know the location where I can download the new ipsec package for enabling L2TP support in Endian Community 2.5.1.


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Wednesday 05 June 2013, 06:50:38 am
Can someone point me to a walk-thru to installing Robert's packages.


Title: Re: VPN not working on EFW community 2.5.1
Post by: sota on Monday 17 June 2013, 03:45:14 am
Login in to your Endian box with Putty. You will need to add the channels first to allow the smart installer to find the package. Download Roberts ossw-repos script to add them.

Save the script ossw-repos on the Endian box and run "ossw-repos add" and "oss-repos enable"

Now update the cache by running "smart update". Once it's finished run "smart install ossw-l2tp" to get the package.

It's probably best to reboot once this completes.


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Wednesday 19 June 2013, 02:01:16 am
Thank you Sota ;D, will try and let you know


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Saturday 22 June 2013, 09:07:27 am
I am getting this error message when i type "ossw-repos add" in putty "-bash: ossw-repos: command not found" should the file have an extension? or am i just doing something wrong?


Title: Re: VPN not working on EFW community 2.5.1
Post by: sota on Monday 24 June 2013, 11:09:53 pm
Assuming you are in that same folder as where you saved the script,  you have to make it executable with:

chmod a+x ossw-repos

then run:

./ossw-repos add

and

./oss-repos enable

then:

smart update
and
smart install ossw-l2tp



Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Tuesday 25 June 2013, 09:37:22 am
Thanks a million Sota its all good now.  Will test tomorrow.


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Wednesday 26 June 2013, 01:40:00 am
Hi Sota,
        I am interested in the IFTOP as well, I did smart install iftop from Roberts repository and it seemed to have installed
where can I go to see the reporting of the iftop addon?


Title: Re: VPN not working on EFW community 2.5.1
Post by: sota on Wednesday 26 June 2013, 08:06:20 pm
Hmm, try the iftop command in a Putty session?


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Thursday 27 June 2013, 02:07:22 am
Hi ;D sorry for some reason it was not functioning when I first tried it, I actually did the install a second time closed putty and re-opened and it started working.  Sounded like a dumbass for a bit there didnt I :D


Title: Re: VPN not working on EFW community 2.5.1
Post by: sota on Thursday 27 June 2013, 07:36:15 pm
It can happen to the best of us! Also, you can use iftop -i <interface name> to select which interface to use.


Title: Re: VPN not working on EFW community 2.5.1
Post by: dda on Thursday 11 July 2013, 03:16:38 am
I had actually googled it after it didn't work the first time but thanks for the assist.


Title: Re: VPN not working on EFW community 2.5.1
Post by: jac4all on Sunday 24 November 2013, 03:46:50 am
can any one pls giude me step by step how to add the channel and get robert repos. ???

thanks


Title: Re: VPN not working on EFW community 2.5.1
Post by: jac4all on Sunday 24 November 2013, 04:37:53 am
after strugeling and geting things download it and folow the instruction you post i got this error

 smart install ossw-l2tp
Loading cache...
Traceback (most recent call last):
  File "/usr/bin/smart", line 200, in ?
    main(sys.argv[1:])
  File "/usr/bin/smart", line 173, in main
    exitcode = iface.run(opts.command, opts.argv)
  File "/usr/lib/python2.4/site-packages/smart/interface.py", line 53, in run
    result = _command.main(self._ctrl, opts)
  File "/usr/lib/python2.4/site-packages/smart/commands/install.py", line 105, in main
    ctrl.reloadChannels()
  File "/usr/lib/python2.4/site-packages/smart/control.py", line 388, in reloadChannels
    if not channel.fetch(self._fetcher, progress):
  File "/usr/lib/python2.4/site-packages/smart/channels/rpm_md.py", line 287, in fetch
    fetcher.run(progress=progress)
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 201, in run
    self.runLocal()
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 182, in runLocal
    handler.runLocal()
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 750, in runLocal
    if not valid and fetcher.validate(item, localpath):
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 408, in validate
    from smart.util.sha256 import sha256
ImportError: No module named sha256


Title: Re: VPN not working on EFW community 2.5.1
Post by: mmiat on Wednesday 11 December 2013, 12:04:38 am
do you have EFW 2.5.1 or 2.5.2? ossw is not compatible with 2.5.2


Title: Re: VPN not working on EFW community 2.5.1
Post by: mmiat on Saturday 05 July 2014, 11:06:10 pm
I tried to manually download and install packages from ossw repository with endian 2.5.2 and 3.0.0
some packages work, other no :(
so', for example, it's impossible to compile other software's sources


Title: Re: VPN not working on EFW community 2.5.1
Post by: mmiat on Thursday 21 May 2015, 05:22:56 pm
I use IPSec for lan-to-lan (or gw-to-gw) connections, but for roadwarriors I've installed softether (https://www.softether.org/) on a server and don't use Endian, it's ok for openvpn but bot works with pptp/l2tp/etc., even if I use ossw repository