On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote:
> On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez wrote:
>> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote:
>>> I'm basically getting what I had before:
>>>
>>> lan# ping VPNINTHOST
>>>
>>> fw# tcpdump -i eth0 host VPNGW
>>> 09:46:47.622220 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:48.646222 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:50.665662 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:51.686162 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:52.710196 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:54.729324 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:55.750166 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:56.774188 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
>>> 09:46:56.830549 IP VPNGWIP.openvpn > MYIP.57800: UDP, length 69
>>>
>>> And that's it. Many packets go out, very few come back.
>>>
>>> The vpn works fine via an openvpn client connection through
>>> NetworkManager on a local lan computer. But so far not having
>>> luck setting it up on the firewall.
>>
>> This sounds like an OpenVPN routing problem. Have you compared
>> the configurations you are using via NetworkManager and the CLI
>> client?
>
> They were very close, I've now made them match and have the same
> results.
>

I suspect that in your OpenVPN config, you need to push a route to your
local LAN, so that the remote endpoint knows to route traffic to that
LAN through the VPN.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________