EFW Support

Support => VPN Support => Topic started by: baselbj on Monday 14 December 2015, 05:39:29 am



Title: OpenVPN can't ping clients
Post by: baselbj on Monday 14 December 2015, 05:39:29 am
I configured OpenVPN on Endian Firewall to connect using LDAP. I can connect using my Windows user/pass and I can ping the OpenVPN/EFW server, but I can't ping any other network hosts.

The EFW accepts the ping request and I shut down all hosts' firewalls.

Server:
Code:
; daemon configuration for server default (1_0) server #1
daemon
mode server
tls-server
proto tcp
port 1194
tmp-dir /var/tmp

multihome
user openvpn
group openvpn

cd /var/openvpn
; client-config-dir clients

script-security 3

; tunnel configuration
dev tap0
; bridge to GREEN
server-bridge 192.168.1.4 255.255.255.0 192.168.1.150 192.168.1.155
push "route-gateway 192.168.1.4"

; push VPN network splitted

client-to-client
; push global networks
push "route 192.168.1.0 255.255.255.0"

passtos
comp-lzo
management 127.0.0.1 5555
keepalive 5 30

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
;persist-local-ip
;persist-remote-ip

bcast-buffers 4096

; logging and status

writepid /var/run/openvpn/openvpn.1.pid
ifconfig-pool-persist openvpn.1.leases
status /tmp/openvpn-status.1.log 30
status-version 2

log openvpn.1.log
log-append openvpn.1.log
verb 4

client-connect "/usr/local/bin/openvpn-client-connect"
client-disconnect "/usr/local/bin/openvpn-client-disconnect"
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.server.d/"
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.server.d/"

; certificates and authentication

dh /var/efw/openvpn/dh1024.pem
cert "/var/efw/vpn/ca/certs/sham.comcert.pem"
key "/var/efw/vpn/ca/certs/sham.comkey.pem"
ca "/var/efw/vpn/ca/cacerts/cacert.pem"

duplicate-cn

client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
;auth-user-pass-verify "/usr/bin/openvpn-auth-user-pass" via-env
username-as-common-name

Settings:
Code:
AUTHENTICATION_STACK=ldap,local
CA_FILENAME=cacert.pem
CERT_FILENAME=sham.comcert.pem
LDAP_BIND_DN=cn=Administrator,cn=Users,dc=sham,dc=com
LDAP_BIND_PASSWORD=the pass
LDAP_FILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))
LDAP_URI=ldap://192.168.1.2
LDAP_USER_BASEDN=cn=Users,dc=sham,dc=com
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountNa$
OPENVPN_ENABLED=on

Client:
Code:
client
dev tap
proto tcp
remote shamconsultancy.ddns.net 1194
resolv-retry infinite
ca cacert.pem
persist-key
persist-tun
auth-user-pass
comp-lzo
auth-nocache
nobind
verb 3
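Added example (not from the post or from Endian): a small Python checker that parses the server and client configs shown above and reports the points worth verifying for a bridged (tap + server-bridge) setup where clients reach the VPN host but nothing else on the LAN. The embedded configs are trimmed copies of the ones in the post; the finding codes and the check_bridge_config() name are this example's own.

```python
"""Static sanity checks for a bridged (tap) OpenVPN server/client config pair."""
import ipaddress
import shlex

# Trimmed copies of the server and client configs from the post above
# (only the directives the checks look at are kept).
SERVER_CONF = """
mode server
tls-server
proto tcp
port 1194
dev tap0
server-bridge 192.168.1.4 255.255.255.0 192.168.1.150 192.168.1.155
push "route-gateway 192.168.1.4"
client-to-client
push "route 192.168.1.0 255.255.255.0"
duplicate-cn
client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name
"""

CLIENT_CONF = """
client
dev tap
proto tcp
remote shamconsultancy.ddns.net 1194
ca cacert.pem
auth-user-pass
"""


def parse_openvpn_conf(text):
    """Return [(directive, [args...])], skipping blank lines and ;/# comments."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        parts = shlex.split(line)  # keeps quoted push/script arguments together
        directives.append((parts[0], parts[1:]))
    return directives


def _args_of(directives, name):
    return [args for directive, args in directives if directive == name]


def _has(directives, name):
    return any(directive == name for directive, _ in directives)


def check_bridge_config(server_text, client_text):
    """Return a list of (code, message) findings for the config pair."""
    server = parse_openvpn_conf(server_text)
    client = parse_openvpn_conf(client_text)
    findings = []

    # Both ends must agree on tap (layer 2) vs tun (layer 3).
    sdev = (_args_of(server, "dev") or [[""]])[0][0]
    cdev = (_args_of(client, "dev") or [[""]])[0][0]
    if sdev.startswith("tap") != cdev.startswith("tap"):
        findings.append(("DEV_MISMATCH", f"server uses '{sdev}', client uses '{cdev}'"))

    bridge = _args_of(server, "server-bridge")
    if bridge and sdev.startswith("tap") and len(bridge[0]) >= 4:
        gw, mask, pool_start, pool_end = bridge[0][:4]
        lan = ipaddress.IPv4Network(f"{gw}/{mask}", strict=False)
        # server-bridge only hands out addresses; the tap interface itself has to
        # be a member of the bridge that carries the LAN, or frames stop at the host.
        findings.append(("BRIDGE_REQUIRED",
                         f"{sdev} must be enslaved to the bridge carrying {lan}; "
                         "otherwise clients reach only the VPN host"))
        for ip in (pool_start, pool_end):
            if ipaddress.IPv4Address(ip) not in lan:
                findings.append(("POOL_OUTSIDE_SUBNET", f"pool address {ip} is not in {lan}"))
        for args in _args_of(server, "push"):
            opt = " ".join(args).split()
            if len(opt) >= 3 and opt[0] == "route":
                pushed = ipaddress.IPv4Network(f"{opt[1]}/{opt[2]}", strict=False)
                if pushed == lan:
                    findings.append(("REDUNDANT_ROUTE",
                                     f"{pushed} is already on-link for bridged clients"))

    if not _has(server, "client-to-client"):
        findings.append(("NO_CLIENT_TO_CLIENT", "VPN clients cannot reach each other"))
    if _has(server, "client-cert-not-required"):
        findings.append(("PASSWORD_ONLY_AUTH",
                         "clients present no certificate; the LDAP password is the only credential"))
    if not any(" ".join(a).startswith("server") for a in _args_of(client, "remote-cert-tls")):
        findings.append(("NO_REMOTE_CERT_TLS",
                         "client does not require an EKU=server certificate from the peer"))
    return findings


if __name__ == "__main__":
    for code, message in check_bridge_config(SERVER_CONF, CLIENT_CONF):
        print(f"{code}: {message}")
```

Run against the post's configs it reports BRIDGE_REQUIRED (the first thing to verify on the firewall: whether tap0 is actually a member of the GREEN bridge), the redundant pushed route for the bridged subnet, password-only authentication because of client-cert-not-required (newer OpenVPN releases replaced that directive with verify-client-cert none), and the client's missing remote-cert-tls server, which is the standard setting for rejecting a server that presents any other certificate signed by the same CA.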