|
Title: EFW 3.0.5 GW2GW setup Post by: derick@replic8.co.bw on Thursday 03 December 2015, 08:38:26 pm Hi all
Just sticking this here in case anyone else runs into the same issues I have recently. Say you have Site A being your OVPN server and Site B being your VPN client (or GW2GW server), here's what worked for us using 3.0.5: 1. Follow the instructions for the server (or site A) listed here: http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection 2. While you're at site A, copy the cert for use later at site B. The file you need is here (the cert we downloaded from the web UI did NOT work for some reason): /etc/openvpn/ca/cacert.pem 3. At site B, edit /etc/openvpn/openvpnclient.conf.tmpl and change this: custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/" To this: #custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/" No idea what that line is supposed to do/ not to do, but your VPN tunnel will not get established while that line is there. Assume it's a bug with 3.0.5. 4. At site B, run this (not sure if this step is absolutely necessary, but might as well run it anyways as it was listed as a suggestion elsewhere): ln -s /sbin/ip /bin/ip 5. Reboot EFW at site B 6. Configure the site B server, again following the instructions for the client (or site B): http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection Just note that the certificate you need to select will be the cacert.pem file you copied earlier in step 2. And that's it, the VPN tunnel should get established successfully. Title: Re: EFW 3.0.5 GW2GW setup Post by: Washimi on Wednesday 20 January 2016, 12:59:39 am I did connecting both sides (A on B and B on A) using the GUI provided certificate without any additional configuration on EFW. The only "trick" was: both sides run in VM´s (ESX - VMware), so I allowed promiscuous mode on both sides green interfaces.
|