On Wednesday, January 25, 2017 12:08:36 PM MST Thomas Fjellstrom wrote:
> On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote:
> > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote:
> > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez wrote:
> > >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote:
> > >>> I'm basically getting what I had before:
> > >>>
> > >>> lan# ping VPNINTHOST
> > >>>
> > >>> fw# tcpdump -i eth0 host VPNGW
> > >>> 09:46:47.622220 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:48.646222 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:50.665662 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:51.686162 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:52.710196 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:54.729324 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:55.750166 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:56.774188 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> > >>> 09:46:56.830549 IP VPNGWIP.openvpn > MYIP.57800: UDP, length 69
> > >>>
> > >>> and that's it. Many packets go out, very few come back.
> > >>>
> > >>> The vpn works fine via an openvpn client connection through
> > >>> NetworkManager on a local lan computer. But so far not having
> > >>> luck setting it up on the firewall.
> > >>
> > >> This sounds like an OpenVPN routing problem. Have you compared
> > >> the configurations you are using via NetworkManager and the CLI
> > >> client?
> > >
> > > They were very close, I've now made them match and have the same
> > > results.
> >
> > I suspect that in your OpenVPN config, you need to push a route to
> > your local LAN, so that the remote endpoint knows to route traffic to
> > that LAN through the VPN.
>
> Routes are getting pushed from the vpn server, and being set up on the
> firewall, and pings from a lan host get sent out over the vpn connection,
> which can be seen from the tcpdump log as traveling over the openvpn port
> on the wan connection.
>
> I've been looking at various openvpn guides and such, but so far there
> doesn't seem to be a way for me to push up a route to the server if it isn't
> already configured to allow it.

Ok, a quick check shows the firewall can ping and receives responses, but I
presume it's just coming back from tun0. I presume I have the wrong masq
settings? I haven't really figured out what interface and source I should be
using. $NET_IF VPN_NET or tun0 VPN_NET ?

> > -Tom
> > --
> > Tom Eastep        \ When I die, I want to go like my Grandfather who
> > Shoreline,         \ died peacefully in his sleep. Not screaming like
> > Washington, USA     \ all of the passengers in his car
> > http://shorewall.net \________________________________________________

--
Thomas Fjellstrom
tho...@fjellstrom.ca

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users