Re: [Efw-user] OpenVPN isolated on Green?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Mike Tremaine wrote:
> Frode Marton Meling wrote:
>
>   
>>>   
>>>       
>> I have not looked at tcpdump yet.
>> I do not have Cisco switches, only HP.
>> The strange part is that the default gateway on green is pingable (so in 
>> my case 192.168.3.1 is pingable but 192.168.3.9 is not, when client have 
>> 192.168.3.60 as IPadress)
>> Looking forward to your research..
>>     
>
>
> I have not solved it on site yet and I'm heading out to lunch. BUT when I 
> brough up my test box and attached a laptop to the inside interface I was able 
> to ssh and ping through the vpn tunnel to it no problem. So I do not think 
> Endian's setup has anything to do with this. The production network has lots of 
> cisco switches and I think something is block or mis-directing traffic because 
> I can see almost everything accept the final reply coming back into the firewall.
>
> Just fyi I use this to connect to openvpn
>
> sudo /usr/sbin/openvpn --client --pull --comp-lzo --dev tap --ca 
> /home/mgt/.openvpn/kraken.pem --auth-user-pass --remote kraken
>
>
> Where the pem file is what I downloaded from the firewall. Nothing specially 
> there and it works fine on my simple test box.
>
> -Mike
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Efw-user mailing list
> Efw...@li...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>   

Strange... I tried with same settings as you, but I only get access to 
endians interface on Green interface.
if I ping another server on Green I get:
 From 192.168.3.60 icmp_seq=1 Destination Host Unreachable
 From 192.168.3.60 icmp_seq=2 Destination Host Unreachable

And it looks like my routing information is updated also. A route 
command says:
192.168.3.0     *               255.255.255.0   U     0      0        0 tap0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         192.168.3.1     0.0.0.0         UG    0      0        0 tap0
And 3.1 is my endian firewall..

PS! my klient is standard installed Kubuntu edgy 6.10 install.

/MartOn