Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 11 December 2019, 04:21:18 am

Login with username, password and session length

Download the latest community FREE version  HERE
13964 Posts in 4252 Topics by 6023 Members
Latest Member: krunal
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  EFW 3.0.5 GW2GW setup
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW 3.0.5 GW2GW setup  (Read 4887 times)
derick@replic8.co.bw
Full Member
***
Offline Offline

Posts: 13


« on: Thursday 03 December 2015, 08:38:26 pm »

Hi all


Just sticking this here in case anyone else runs into the same issues I have recently.

Say you have Site A being your OVPN server and Site B being your VPN client (or GW2GW server), here's what worked for us using 3.0.5:

1. Follow the instructions for the server (or site A) listed here: http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection

2. While you're at site A, copy the cert for use later at site B. The file you need is here (the cert we downloaded from the web UI did NOT work for some reason):
/etc/openvpn/ca/cacert.pem

3. At site B, edit /etc/openvpn/openvpnclient.conf.tmpl and change this:
custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

To this:
#custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"

No idea what that line is supposed to do/ not to do, but your VPN tunnel will not get established while that line is there. Assume it's a bug with 3.0.5.

4. At site B, run this (not sure if this step is absolutely necessary, but might as well run it anyways as it was listed as a suggestion elsewhere):
ln -s /sbin/ip /bin/ip

5. Reboot EFW at site B

6. Configure the site B server, again following the instructions for the client (or site B): http://help.endian.com/entries/20059443-SSL-VPN-How-to-Create-a-Net-to-Net-Connection
Just note that the certificate you need to select will be the cacert.pem file you copied earlier in step 2.


And that's it, the VPN tunnel should get established successfully.
Logged
Washimi
Jr. Member
*
Offline Offline

Posts: 1


« Reply #1 on: Wednesday 20 January 2016, 12:59:39 am »

I did connecting both sides (A on B and B on A) using the GUI provided certificate without any additional configuration on EFW. The only "trick" was: both sides run in VMs (ESX - VMware), so I allowed promiscuous mode on both sides green interfaces.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com