EFW Support

Support => VPN Support => Topic started by: Mussolini on Friday 09 January 2009, 05:56:24 am

Title: OpenVPN Gateway-to-Gateway routing problem
Post by: Mussolini on Friday 09 January 2009, 05:56:24 am
Hi all,

I've configured two EFWs in two offices, one as OpenVPN server (Office1) and the other one as OpenVPN client (Office2). The connection has been established and I can ping any machine inside Office1 from the EFW console in Office2. But the problem is that the stations inside Office2 can't reach the stations inside Office1, and I don't know why. From the EFW it is OK, I can reach any machine inside Office1, but from a station inside Office2 (behind the EFW), I can't.
Is it a problem of routing? Firewall?

I appreciate any help....

Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: saleemgeorge on Wednesday 18 February 2009, 05:44:31 am
Hello ..

I was also facing the same problem. I am able to connect.
I connected the VPN from site 1 to site 2 and it was established, and when I log in to Endian through SSH I am able to ping the other end (site 2) Endian and all the internal systems. But I am able to ping from the client in site 1, but I am not able to ping to the site 1 Endian or any other system either.

For that, make a connection from site 2 to site 1. This will solve all your problems.

Now I am able to browse both site programs and it is stable.


Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: titosca on Thursday 19 March 2009, 10:37:15 pm
Hello guys,

I already had the same problem, and what I did to solve it follows below:

In the Endian that acts as the VPN SERVER, you have to put the following information in Advanced -> Global Push Options:

"Push these networks"

Put here the network of the VPN SERVER. When a client connects to the server, it will build the route table between the client and your network; in this way your client can see the machines behind the VPN server.

Don't forget to push the nameservers too; it's important if you are in an AD topology.

Another thing is in the account properties. In the field Network Behind the Client you input the network behind that client; in this way your network that has the VPN SERVER will be able to see the network behind the client.

Sorry if my English is not that good. But I think you can understand.

My best regards,


Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: eXtr3me on Sunday 05 September 2010, 02:30:12 am
I had almost the same issue,
resolved it by using EFW1 as Client and Server
and EFW2 as Client and server
(2 Tunnels)
It Works,
clients can ping each others

Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: e-telligent on Sunday 19 September 2010, 09:52:50 pm

I successfully configured Endian Community 2.4 VPN Gw2Gw with this configuration:

network1 -----> endian VPN server ----->  INTERNET -------> endian Gw2Gw Client -------> network2

-----> route -n output if your VPN connection has a problem.
-----> cat /etc/sudoers | grep 'openvpn'

Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: smk986 on Saturday 20 November 2010, 10:42:04 pm


eXtr3me is correct, though Endian does not recommend setting it up like this with two tunnels....... but it does work very well! This does have one advantage: the remote site is now running a VPN server and can be connected to directly to diagnose other problems, or for a faster network connection, as you are not going via the primary VPN server link to access the remote site if you are not local to the primary network.

I have successfully set up a number of EFW Gw-2-Gw VPN systems using two tunnels to create a bidirectional VPN, and all traffic passes perfectly from all connected LAN clients at each site to all LAN clients at the remote site. (This even works for more than two remote networks in a star pattern.)

Endian does recommend that only one Gw-2-Gw be configured, but many users find traffic only passes in one direction. The solution is to ensure that the 'Account' being used on the VPN server end has the network address for the remote network site in CIDR format, i.e. '192.168.x.0/24', added into the 'Networks behind client' option. This configures *local* routing entries on the server side, making the traffic to that subnet go to the VPN address of that client.
Note this only applies when using routed mode, and also using a different subnet on each network site.

Thank you Simon.
SiTek NZ
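
Added example, not part of any post in this thread: a Python check of `route -n` output (the command e-telligent suggests) for the condition smk986 describes, namely that the gateway has a route for the remote LAN through the VPN interface and that the two sites use different subnets. The routing table, subnets, gateway addresses and interface names (`tap0`, `br0`, `eth1`) are constructed assumptions, not values from the thread.

```python
import ipaddress

# Constructed sample of `route -n` on the VPN server side (assumed values).
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tap0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth1
"""

def parse_route_n(text):
    """Return [(network, gateway, iface)] parsed from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or blank
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # column header or malformed entry
        routes.append((net, fields[1], fields[7]))
    return routes

def check_site_route(route_text, local_lan, remote_lan, vpn_ifaces=("tun", "tap")):
    """Return a list of problems; an empty list means the route looks right."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    problems = []
    if local.overlaps(remote):
        problems.append("local and remote LAN overlap; routed mode needs distinct subnets")
    # The kernel picks the most specific (longest prefix) route that covers the target.
    matches = [r for r in parse_route_n(route_text) if remote.subnet_of(r[0])]
    if not matches:
        problems.append(f"no route covers {remote}")
        return problems
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    if not iface.startswith(vpn_ifaces):
        problems.append(f"{remote} leaves via {iface} (route {net}), not the VPN interface")
    return problems

if __name__ == "__main__":
    for problem in check_site_route(SAMPLE_ROUTE_N, "192.168.1.0/24", "192.168.2.0/24"):
        print("PROBLEM:", problem)
```

If the 'Networks behind client' entry is missing, the only match for the remote LAN is the default route, and the check reports that traffic leaves via the WAN interface instead of the tunnel.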

Title: Re: OpenVPN Gateway-to-Gateway routing problem
Post by: TheEricHarris on Thursday 06 January 2011, 04:17:46 am
My issue was the VPN firewall being enabled. Try disabling it (Firewall Tab -> VPN Traffic).

After disabling it, I was able to ping to my remote clients.

I only have one VPN connection going. I also do as others suggested, putting x.x.x.0/24 for network behind client. I also check NAT on the client options.