Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 14 July 2020, 08:31:54 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14011 Posts in 4271 Topics by 6110 Members
Latest Member: eleolo
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  EFW 3.0.5 GW2GW setup
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW 3.0.5 GW2GW setup  (Read 5136 times)
Full Member
Offline Offline

Posts: 13

« on: Thursday 03 December 2015, 08:38:26 pm »

Hi all

Just sticking this here in case anyone else runs into the same issues I have recently.

Say you have Site A being your OVPN server and Site B being your VPN client (or GW2GW server), here's what worked for us using 3.0.5:

1. Follow the instructions for the server (or site A) listed here: http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection

2. While you're at site A, copy the cert for use later at site B. The file you need is here (the cert we downloaded from the web UI did NOT work for some reason):

3. At site B, edit /etc/openvpn/openvpnclient.conf.tmpl and change this:
custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

To this:
#custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

No idea what that line is supposed to do/ not to do, but your VPN tunnel will not get established while that line is there. Assume it's a bug with 3.0.5.

4. At site B, run this (not sure if this step is absolutely necessary, but might as well run it anyways as it was listed as a suggestion elsewhere):
ln -s /sbin/ip /bin/ip

5. Reboot EFW at site B

6. Configure the site B server, again following the instructions for the client (or site B): http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection
Just note that the certificate you need to select will be the cacert.pem file you copied earlier in step 2.

And that's it, the VPN tunnel should get established successfully.
Jr. Member
Offline Offline

Posts: 1

« Reply #1 on: Wednesday 20 January 2016, 12:59:39 am »

I did connecting both sides (A on B and B on A) using the GUI provided certificate without any additional configuration on EFW. The only "trick" was: both sides run in VMs (ESX - VMware), so I allowed promiscuous mode on both sides green interfaces.
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.034 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com