EFW Support

Title: OpenVPN gw2gw and routing troubles (not sudoers file)
Post by: Alarith on Monday 02 August 2010, 06:44:14 pm
Hi all,

I am having some trouble with OpenVPN gw2gw and routing. (I already fixed the sudoers issue with an upgrade).

I have two firewalls, each with its own external access.

On the Orange interface of both firewalls is the 192.168.10.0/24 network with both some workstations and some servers.
The servers use the 192.168.10.254 as their default gateway, the workstations use 192.168.10.253 as their gateway.
Now the VPN works fine between the workstations and the Client Network, but not between the servers and the client network.
I added a route to the .254 Firewall: 192.168.28.0/24 points to the .253.
But it is still not working. Somehow the asynchronous routing (packets from the server go to .254 then to .253 then out, but the answer packet goes directly from the .253 to the server) seems to mess things up. If I add a route to Firewall 2: 192.168.10.0/25 to 192.168.10.254, it works for servers from this network range, but the workstations in this area can't get onto the internet anymore (asynchronous routing again).
It's probably some pretty silly error I am making, but I have been working on this issue for a week now :).
Any help would be appreciated (And yes, I know I should use the green network :)).



                          Client Network (192.168.28.0/24)
                                        |
                                     VPN GW
                                        |
                                    internet
                                        |
Ext IP 1                        Ext IP2 (VPN GW)
Firewall 1                      Firewall 2
192.168.10.254                  192.168.10.253
      Orange\                   /Orange
        Servers  +  Clients (192.168.10.0)

Kind regards

Ala
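
Added example, not part of the original post: a small Python model of the routing tables described above that traces which firewalls each direction of a flow crosses, with and without the extra 192.168.10.0/25 route on Firewall 2. The host addresses, the internet address and the exit labels (`vpn`, `wan1`, `wan2`) are constructed for illustration; it assumes replies always re-enter at Firewall 2.

```python
import ipaddress

FW1, FW2 = "192.168.10.254", "192.168.10.253"          # from the post
ORANGE, CLIENT_NET = "192.168.10.0/24", "192.168.28.0/24"
DEFAULT = "0.0.0.0/0"
# Constructed sample hosts (not in the post); both sit inside 192.168.10.0/25.
SERVER, WORKSTATION = "192.168.10.10", "192.168.10.20"
VPN_CLIENT, INTERNET_HOST = "192.168.28.5", "203.0.113.9"

def build_tables(extra_fw2_route=False):
    """Routing tables as (prefix, gateway); gateway None means on-link."""
    fw2 = [(ORANGE, None), (CLIENT_NET, "vpn"), (DEFAULT, "wan2")]
    if extra_fw2_route:                      # the second attempt in the post
        fw2.append(("192.168.10.0/25", FW1))
    return {
        SERVER:      [(ORANGE, None), (DEFAULT, FW1)],
        WORKSTATION: [(ORANGE, None), (DEFAULT, FW2)],
        FW1: [(ORANGE, None), (CLIENT_NET, FW2), (DEFAULT, "wan1")],
        FW2: fw2,
    }

def next_hop(routes, dst):
    """Longest-prefix match over one routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def firewalls_crossed(tables, start, dst):
    """Firewalls a packet to dst passes through, beginning at node start."""
    crossed, node = [], start
    while node in tables:                    # stops on on-link delivery or exit label
        if node in (FW1, FW2):
            crossed.append(node)
        node = next_hop(tables[node], dst)
    return crossed

def is_symmetric(tables, host, remote):
    """True when the reply retraces the request's firewalls in reverse order."""
    outbound = firewalls_crossed(tables, host, remote)
    inbound = firewalls_crossed(tables, FW2, host)   # assumption: replies enter at FW2
    return outbound == inbound[::-1]

if __name__ == "__main__":
    for label, tables in (("route on FW1 only", build_tables()),
                          ("plus /25 route on FW2", build_tables(True))):
        print(label,
              "| server<->VPN symmetric:", is_symmetric(tables, SERVER, VPN_CLIENT),
              "| workstation<->internet symmetric:",
              is_symmetric(tables, WORKSTATION, INTERNET_HOST))
```

In this model the /25 route makes the server flow symmetric and at the same time makes the workstation's internet flow asymmetric, matching the two symptoms reported in the post.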