Re: [Efw-user] openvpn through endian 2.1.2 - issue
Yep... On Nov 17, 2007 6:12 AM, yylaw [EMAIL PROTECTED] wrote: Have you make a rule on the outgoing firewall to allow such access (udp 1194)? Charles Law Tom Bishop wrote: No thats not the issue, I am using the endian open vpn server for clients coming into me, but i have users on the green side that are trying to connect to other openvpn servers on the outside, so they are using the client openvpn s/w running from the green trying to connect through the firewall to other sites, and for some reasons I never see the return packets...so the tunnel is not coming up. On Nov 16, 2007 11:53 AM, Neobiker [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: i understand that you don't want to use the openvpn server from endian, but from another server in GREEN? Did you setup the correct portforwarding rules (which) on Endian? neobiker Tom Bishop-2 wrote: I emailed this once before but thought I would try one more time. I am currently testing/evaluating endian to possible purchase for our church. I have been very pleased and have most everything working but the one issue that I am having that I can't solve is that when I try to use openvpn from a PC behind the firewall it does not work. I have tried turning off everything that I could think of but no go, I see the packet hit the logs but never a return packet. If I remove the firewall and put in place a lowly linksys NAT box, all works fine. So my question is, is there a way to debug this from the cli and see if it is getting dropped somewhere? I have looked at the iptables rules and was thinking of adding some log statements but not sure what the best approach might be. Thanks in advanced.. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user -- View this message in context: http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 Sent from the efw-user mailing list archive at Nabble.com http://Nabble.com. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] openvpn through endian 2.1.2 - issue
If you get the subnet mask wrong on any interface, you can have weird issues... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Bishop Sent: Saturday, November 17, 2007 5:50 PM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] openvpn through endian 2.1.2 - issue Yep... On Nov 17, 2007 6:12 AM, yylaw [EMAIL PROTECTED] wrote: Have you make a rule on the outgoing firewall to allow such access (udp 1194)? Charles Law Tom Bishop wrote: No thats not the issue, I am using the endian open vpn server for clients coming into me, but i have users on the green side that are trying to connect to other openvpn servers on the outside, so they are using the client openvpn s/w running from the green trying to connect through the firewall to other sites, and for some reasons I never see the return packets...so the tunnel is not coming up. On Nov 16, 2007 11:53 AM, Neobiker [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: i understand that you don't want to use the openvpn server from endian, but from another server in GREEN? Did you setup the correct portforwarding rules (which) on Endian? neobiker Tom Bishop-2 wrote: I emailed this once before but thought I would try one more time. I am currently testing/evaluating endian to possible purchase for our church. I have been very pleased and have most everything working but the one issue that I am having that I can't solve is that when I try to use openvpn from a PC behind the firewall it does not work. I have tried turning off everything that I could think of but no go, I see the packet hit the logs but never a return packet. If I remove the firewall and put in place a lowly linksys NAT box, all works fine. So my question is, is there a way to debug this from the cli and see if it is getting dropped somewhere? I have looked at the iptables rules and was thinking of adding some log statements but not sure what the best approach might be. Thanks in advanced.. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user -- View this message in context: http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797 867 http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797 867 Sent from the efw-user mailing list archive at Nabble.com http://Nabble.com. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] openvpn through endian 2.1.2 - issue
Check the internal IP address range to see if there is any conflict. i.e. if your internal LAN uses 192.168.1.0/24 (also check orange and blue if you have), the internal network (and also blue and orange) on the other openvpn server side should not be using this range. CL Tom Bishop wrote: Yep... On Nov 17, 2007 6:12 AM, yylaw [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Have you make a rule on the outgoing firewall to allow such access (udp 1194)? Charles Law Tom Bishop wrote: No thats not the issue, I am using the endian open vpn server for clients coming into me, but i have users on the green side that are trying to connect to other openvpn servers on the outside, so they are using the client openvpn s/w running from the green trying to connect through the firewall to other sites, and for some reasons I never see the return packets...so the tunnel is not coming up. On Nov 16, 2007 11:53 AM, Neobiker [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: i understand that you don't want to use the openvpn server from endian, but from another server in GREEN? Did you setup the correct portforwarding rules (which) on Endian? neobiker Tom Bishop-2 wrote: I emailed this once before but thought I would try one more time. I am currently testing/evaluating endian to possible purchase for our church. I have been very pleased and have most everything working but the one issue that I am having that I can't solve is that when I try to use openvpn from a PC behind the firewall it does not work. I have tried turning off everything that I could think of but no go, I see the packet hit the logs but never a return packet. If I remove the firewall and put in place a lowly linksys NAT box, all works fine. So my question is, is there a way to debug this from the cli and see if it is getting dropped somewhere? I have looked at the iptables rules and was thinking of adding some log statements but not sure what the best approach might be. Thanks in advanced.. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user -- View this message in context: http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 Sent from the efw-user mailing list archive at Nabble.com http://Nabble.com http://Nabble.com. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
Re: [Efw-user] openvpn through endian 2.1.2 - issue
All subnets good, the problem is I never see any reply's coming back, so the packets are not actually making it out or being dropped coming back in... On Nov 17, 2007 9:09 PM, yylaw [EMAIL PROTECTED] wrote: Check the internal IP address range to see if there is any conflict. i.e. if your internal LAN uses 192.168.1.0/24 (also check orange and blue if you have), the internal network (and also blue and orange) on the other openvpn server side should not be using this range. CL Tom Bishop wrote: Yep... On Nov 17, 2007 6:12 AM, yylaw [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Have you make a rule on the outgoing firewall to allow such access (udp 1194)? Charles Law Tom Bishop wrote: No thats not the issue, I am using the endian open vpn server for clients coming into me, but i have users on the green side that are trying to connect to other openvpn servers on the outside, so they are using the client openvpn s/w running from the green trying to connect through the firewall to other sites, and for some reasons I never see the return packets...so the tunnel is not coming up. On Nov 16, 2007 11:53 AM, Neobiker [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: i understand that you don't want to use the openvpn server from endian, but from another server in GREEN? Did you setup the correct portforwarding rules (which) on Endian? neobiker Tom Bishop-2 wrote: I emailed this once before but thought I would try one more time. I am currently testing/evaluating endian to possible purchase for our church. I have been very pleased and have most everything working but the one issue that I am having that I can't solve is that when I try to use openvpn from a PC behind the firewall it does not work. I have tried turning off everything that I could think of but no go, I see the packet hit the logs but never a return packet. If I remove the firewall and put in place a lowly linksys NAT box, all works fine. So my question is, is there a way to debug this from the cli and see if it is getting dropped somewhere? I have looked at the iptables rules and was thinking of adding some log statements but not sure what the best approach might be. Thanks in advanced.. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user -- View this message in context: http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 Sent from the efw-user mailing list archive at Nabble.com http://Nabble.com http://Nabble.com. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net mailto: Efw-user@lists.sourceforge.net mailto:Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] openvpn through endian 2.1.2 - issue
No thats not the issue, I am using the endian open vpn server for clients coming into me, but i have users on the green side that are trying to connect to other openvpn servers on the outside, so they are using the client openvpn s/w running from the green trying to connect through the firewall to other sites, and for some reasons I never see the return packets...so the tunnel is not coming up. On Nov 16, 2007 11:53 AM, Neobiker [EMAIL PROTECTED] wrote: i understand that you don't want to use the openvpn server from endian, but from another server in GREEN? Did you setup the correct portforwarding rules (which) on Endian? neobiker Tom Bishop-2 wrote: I emailed this once before but thought I would try one more time. I am currently testing/evaluating endian to possible purchase for our church. I have been very pleased and have most everything working but the one issue that I am having that I can't solve is that when I try to use openvpn from a PC behind the firewall it does not work. I have tried turning off everything that I could think of but no go, I see the packet hit the logs but never a return packet. If I remove the firewall and put in place a lowly linksys NAT box, all works fine. So my question is, is there a way to debug this from the cli and see if it is getting dropped somewhere? I have looked at the iptables rules and was thinking of adding some log statements but not sure what the best approach might be. Thanks in advanced.. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- View this message in context: http://www.nabble.com/openvpn-through-endian-2.1.2---issue-tf4821479.html#a13797867 Sent from the efw-user mailing list archive at Nabble.com. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user