Update: I added port 22 for external access and I cannot access the public IP
via SSH from outside of the network. However, if I SSH into a server on the LAN
(192.168.1.0) going through the Linksys router WAN (210.x.x.x), I can then SSH
210.x.x.x into the efw box. The efw box has its own public IP, as does the
Linksys box, all within the same range that was given to me by the ISP.

My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further
troubleshooting.

Toby.

On Dec 5, 2007 9:13 AM, toby <[EMAIL PROTECTED]> wrote:

> I have tried and I cannot connect. I am going to verify I have added port
> 22 for external access as comp-doc suggested. I thought I had made this
> change but we shall see.
>
> Toby.
>
>   On Dec 4, 2007 11:08 AM, Kenton and Saundi Brown <[EMAIL PROTECTED]>
> wrote:
>
> > I do not know if using an external dhcp will have an effect.  I am using the
> > efw dhcp.  Are you able to test it from outside the local lan via a public
> > connection using the red interface IP?
> >
> >
> >
> > On 12/3/07, toby <[EMAIL PROTECTED]> wrote:
> > >
> > > I followed the KB and I still can't connect. I am not using EFW's DHCP
> > > server. Does that matter? I continue to get the same error messages that I
> > > posted earlier.
> > >
> > > "
> > > Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> > > Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
> > > Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
> > > Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
> > > Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)
> > > "
> > > I've included an ASCII network diagram below.
> > >
> > >                                                EFW Router
> > >                                                       |
> > >                                                       |
> > >                                                       |
> > > ------------------------------------------------------
> > > |                                                     |
> > > Red                                            Green
> > > (201.x.x.x)                               (192.168.1.5)
> > > |                                                      |
> > > ISP Modem                                10/100 Switch
> > >                                                        |
> > >                                                   Workstations,
> > > Linksys Router w/ 4-port switch (LAN side)
> > >
> > > NOTE: Green is plugged into Linksys router's 4-port switch side so it
> > > can communicate with other machines on 192.168.1.0 network. The
> > > Linksys is also the DHCP server as of now. Another thing to note is that
> > > I have 4 public IPs from network provider so EFW has its own public IP
> > > as does the Linksys.
> > >
> > >
> > > Thoughts?
> > >
> > > Toby.
> > >
> > >
> > > On Dec 3, 2007 5:06 AM, <[EMAIL PROTECTED]> wrote:
> > >
> > > > It took me several hours to get VPN working.  I finally found the KB
> > > > article: http://kb.endian.com/entry/12/ which works exactly as
> > > > written.  This eliminated one area for troubleshooting.  I copied the
> > > > certificate and named it the same as the article although the name
> > > > makes no difference as long as it matches the conf file.
> > > >
> > > > As you must already know the openvpn section of efw must have an ip
> > > > range set outside of your dynamic range.  Of course it is in the same
> > > > range as your green interface.
> > > >
> > > > I was trying to connect my vpn from my machine on my green interface
> > > > to my public red interface public address.  This did not work with the
> > > > same error you are getting.  I then changed the server in the
> > > > client.ovpn to my green interface ip and then connect my machine to a
> > > > wireless gateway router.  This put me on a different subnet than my
> > > > green interface.  The gateway router wan connector was connected to the
> > > > green interface via a switch.  I was then able to make a vpn
> > > > connection.  Next I put the gateway wireless router on a public
> > > > interface giving the wan connector a public ip address.  I made a new
> > > > config for connecting from outside my network via a public interface by
> > > > changing the server parameter in the ovpn file to my red interface
> > > > public ip address.  Now I could make a vpn connection from the public
> > > > side of my system.  I have two ovpn files.  One for connecting within
> > > > my private net and one for connecting from the public.
> > > >
> > > > The other issue I had to overcome was windows vista.  I finally
> > > > noticed that openvpn has a vista release candidate version.  I do not
> > > > know if the xp version would work on vista or not as I had already
> > > > upgraded before I fixed my other issues.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > toby-35 wrote:
> > > > >
> > > > > Hello all,
> > > > >
> > > > > I recently installed Endian 2.1.2 community edition and my hope is
> > > > > to use it to replace my existing OpenVPN server that is currently
> > > > > being used as a file server as well. I went through the OpenVPN
> > > > > configuration process, downloaded cert and created client.ovpn
> > > > > configuration file (see below) and I get the following error message
> > > > > (also, see below) What have I missed?
> > > > >
> > > > > client.ovpn (using Windows XP OpenVPN GUI client)
> > > > > client
> > > > > dev tun
> > > > > proto udp
> > > > > remote 201.x.x.x
> > > > > resolv-retry infinite
> > > > > nobind
> > > > > persist-key
> > > > > persist-tun
> > > > > ca cacert.pem
> > > > > auth-user-pass
> > > > > comp-lzo
> > > > >
> > > > > error message (received on client)
> > > > > Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> > > > > Enter Auth Username:test
> > > > > Enter Auth Password:
> > > > > Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > > > > Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> > > > > Thu Nov 29 10:25:02 2007 LZO compression initialized
> > > > > Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
> > > > > Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194
> > > > >
> > > > > I later added, ns-cert-type server, to server log to resolve the
> > > > > warning message. Now my connection output looks like the following:
> > > > >
> > > > > Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> > > > > Enter Auth Username:test
> > > > > Enter Auth Password:
> > > > > Thu Nov 29 10:28:08 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > > > > Thu Nov 29 10:28:08 2007 LZO compression initialized
> > > > > Thu Nov 29 10:28:08 2007 UDPv4 link local: [undef]
> > > > > Thu Nov 29 10:28:08 2007 UDPv4 link remote: 201.x.x.x:1194
> > > > > Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> > > > > Thu Nov 29 10:29:08 2007 TLS Error: TLS handshake failed
> > > > > Thu Nov 29 10:29:08 2007 SIGUSR1[soft,tls-error] received, process restarting
> > > > > Thu Nov 29 10:29:10 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > > > > Thu Nov 29 10:29:10 2007 Re-using SSL/TLS context
> > > > > Thu Nov 29 10:29:10 2007 LZO compression initialized
> > > > > Thu Nov 29 10:29:10 2007 UDPv4 link local: [undef]
> > > > > Thu Nov 29 10:29:10 2007 UDPv4 link remote: 201.x.x.x:1194
> > > > >
> > > > > Also, my current OpenVPN server works and is on a different public
> > > > > IP and it is not connected to Endian FW. I want to replace current
> > > > > OpenVPN server with Endian FW as it provides more features (content
> > > > > filtering, proxy, etc.)
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Toby.
> > > > >
> > > > >
> > > > > -------------------------------------------------------------------------
> > > > > SF.Net email is sponsored by: The Future of Linux Business White Paper
> > > > > from Novell.  From the desktop to the data center, Linux is going
> > > > > mainstream.  Let it simplify your IT future.
> > > > > http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
> > > > > _______________________________________________
> > > > > Efw-user mailing list
> > > > > Efw-user@lists.sourceforge.net
> > > > > https://lists.sourceforge.net/lists/listinfo/efw-user
> > > > >
> > > > >
> > > > Quoted from:
> > > >
> > > > http://www.nabble.com/New-efw-2.1.2-installation-unable-to-OpenVPN-tf4898373.html#a14029570
> > > >
> > > >
> > >
> >
> >
> > --
> > Kenton and Saundi Brown
> > Missionaries to Honduras
>
>
>
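The client logs quoted in this thread can be triaged mechanically. The following is an added example, not part of the original messages or of OpenVPN or Endian: the function name `triage` and the finding codes are hypothetical, and the sample log is constructed from the lines quoted above with the mail wrapping undone.

```python
import re
from datetime import datetime

# Constructed sample: client log lines from the thread, mail wrapping undone.
SAMPLE_LOG = """\
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Enter Auth Username:test
Thu Nov 29 10:28:08 2007 LZO compression initialized
Thu Nov 29 10:28:08 2007 UDPv4 link local: [undef]
Thu Nov 29 10:28:08 2007 UDPv4 link remote: 201.x.x.x:1194
Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 29 10:29:08 2007 TLS Error: TLS handshake failed
Thu Nov 29 10:29:08 2007 SIGUSR1[soft,tls-error] received, process restarting
"""

# ctime-style timestamp followed by the message text.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

def triage(log_text):
    """Return (code, detail) findings for an OpenVPN client log."""
    findings = []
    remote = started = None
    server_seen = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompts and blank lines carry no timestamp
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "No server certificate verification method" in msg:
            findings.append(("no-server-cert-check",
                             "client accepts any certificate signed by the CA; "
                             "add 'ns-cert-type server' to the client config"))
        elif msg.startswith("UDPv4 link remote:"):
            remote, started, server_seen = msg.split(": ", 1)[1], when, False
        elif msg.startswith("TLS: Initial packet from"):
            server_seen = True  # at least one packet came back from the server
        elif "TLS key negotiation failed" in msg and remote:
            waited = int((when - started).total_seconds())
            if server_seen:
                findings.append(("tls-stalled", f"{remote} answered but the handshake "
                                 f"did not finish in {waited}s; compare CA and TLS settings"))
            else:
                findings.append(("udp-no-reply", f"nothing came back from {remote} in "
                                 f"{waited}s; check that UDP to that port reaches the "
                                 "server and that replies can route back"))
            remote = None
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code}: {detail}")
```
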
