Mailinglist Archive: opensuse (3622 mails)
[opensuse] SuSEfirewall2 problem with OpenVPN
- From: "LLLActive@xxxxxxx" <LLLActive@xxxxxxx>
- Date: Fri, 20 Jun 2008 15:34:04 +0200
- Message-id: <485BB1CC.6000600@xxxxxxx>
Hi everyone,
I have OpenVPN working correctly on openSUSE 10.3.
### Setup: ###
-openSUSE Server side-
Network (192.168.0.0/24)
Default-GW - FW with OpenVPN (IP 192.168.0.1)
* OpenVPN (Server net 10.8.0.0/24, inet addr:10.8.0.1 P-t-P:10.8.0.2)
-openSUSE Client Network Side-
Network (192.168.1.0/24)
Default-GW - FW with OpenVPN (IP 192.168.1.1)
* OpenVPN (Client net 10.8.0.0/24, inet addr:10.8.0.6 P-t-P:10.8.0.5)
FW: SuSEfirewall2
* VPN works from both Server to Client and Client to Server.
### Test ###
Ping on the client side:
From (GW2) # 192.168.1.1 ping 192.168.0.1 (GW1)
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=19.1 ms
i.e.: ping from 192.168.1.x --> GW 192.168.1.1 --> VPN 10.8.0.6 -
10.8.0.5 --> 10.8.0.2 - 10.8.0.1 VPN --> GW 192.168.0.1 --> Server
192.168.0.100 works.
BUT:
From (GW2) # 192.168.1.1 ping 192.168.0.174 (Server)
PING 192.168.0.174 (192.168.0.174) 56(84) bytes of data.
From 10.8.0.1: icmp_seq=1 Destination Protocol Unreachable
i.e.: ping from 192.168.1.x --> GW 192.168.1.1 --> VPN 10.8.0.6 -
10.8.0.5 --> 10.8.0.2 - 10.8.0.1 VPN --> GW 192.168.0.1 --> Server
192.168.0.174 does not work.
AND:
From (GW1) # 192.168.0.1 ping 192.168.1.1 (GW2)
PING 192.168.1.1 (192.168.0.1) 56(84) bytes of data.
From 10.8.0.1: icmp_seq=1 Destination Protocol Unreachable
i.e.: ping from GW 192.168.0.1 --> VPN 10.8.0.1 - 10.8.0.2 --> 10.8.0.5
- 10.8.0.6 VPN --> GW 192.168.1.1 --> Client Network does not work.
Clients can reach OpenVPN network [net 10.8.0.0/24, server 10.8.0.1 &
client 10.8.0.6].
Server can reach OpenVPN network [net 10.8.0.0/24, client 10.8.0.6 &
server 10.8.0.1].
The Server OpenVPN and Client OpenVPN can ping each other.
The server cannot reach the client network or machines behind it at all.
Clients can reach the Server GW1 (192.168.0.1) on the network
(192.168.0.0/24),
but none of the other Servers on the same subnet.
I've added this iptables part on the server for the tun0 interfaces on
both Server and Client:
(/etc/sysconfig/scripts/SuSEfirewall2-custom)
# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
# Allow TAP interface connections to OpenVPN server
iptables -A INPUT -i tap+ -j ACCEPT
# Allow TAP interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tap+ -j ACCEPT
(from: http://openvpn.net/faq.html#firewall)
I've read the OpenVPN documents, but something is still missing.
This seems to be a SuSEfirewall2 config problem. Any insights are welcome.
TIA
:-)
Al
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
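An added pre-flight script, not from the post above and not part of OpenVPN or SuSEfirewall2, that checks on one gateway the three things that have to hold before a host on one LAN can reach a host on the other LAN through the tunnel: IP forwarding is on, the kernel has a route to the far LAN through the tun device, and the FORWARD chain accepts tunnel traffic in both directions (the rules quoted in the post only accept packets entering on tun+; replies leaving on tun+ need their own accept or a RELATED,ESTABLISHED rule ahead of the drop). The functions take captured command output as arguments, so the sample routing table and FORWARD chain below, constructed to match the server gateway in the post, exercise it offline. Function names, the sample data and the placeholder upstream gateway 203.0.113.1 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post: offline pre-flight checks for
# a site-to-site OpenVPN gateway such as the two in the thread. Each check_*
# function takes the text of a command's output as an argument, so the checks
# run against captured or constructed output as well as live data.
# Function names, the sample routing table and the sample FORWARD chain below
# are assumptions made for this example.

# $1 = contents of /proc/sys/net/ipv4/ip_forward
check_ip_forward() {
    [ "$1" = "1" ] || printf 'net.ipv4.ip_forward is %s, needs to be 1\n' "$1"
}

# $1 = output of `ip route show`, $2 = far LAN prefix, e.g. 192.168.1.0/24
# The gateway can only hand packets for the far LAN to OpenVPN if the kernel
# has a route for that prefix through a tun device (OpenVPN installs it from a
# `route` directive; on the server side the matching client also needs an
# `iroute` in its client-config-dir file).
check_remote_route() {
    printf '%s\n' "$1" | grep -q -e "^$2 .*dev tun" \
        || printf 'no route to %s via a tun device\n' "$2"
}

# $1 = output of `iptables -S FORWARD`
# Forwarding has to be accepted in both directions: packets entering on tun+
# (what the rules quoted in the post cover) and replies leaving on tun+, which
# need an `-o tun+` accept or a conntrack RELATED,ESTABLISHED accept ahead of
# the chain's drop.
check_forward_rules() {
    printf '%s\n' "$1" | grep -q -e '^-A FORWARD -i tun+ -j ACCEPT' \
        || printf 'FORWARD: no ACCEPT for packets entering on tun+\n'
    printf '%s\n' "$1" | grep -Eq -e '^-A FORWARD .*(-o tun\+ -j ACCEPT|ESTABLISHED.* -j ACCEPT)' \
        || printf 'FORWARD: no ACCEPT for packets leaving on tun+ (or for ESTABLISHED)\n'
}

# $1 = ip_forward value, $2 = route table, $3 = FORWARD chain, $4 = far LAN
# Prints "ok" when every prerequisite is met, otherwise one line per problem.
gateway_report() {
    report=$(check_ip_forward "$1"; check_remote_route "$2" "$4"; check_forward_rules "$3")
    if [ -z "$report" ]; then
        echo ok
    else
        printf '%s\n' "$report"
    fi
}

# Constructed sample data modelled on the server gateway (192.168.0.1 / 10.8.0.1)
# from the post: the tunnel is up, but there is no route to the client LAN and
# the FORWARD chain only has the `-i tun+` rule. 203.0.113.1 is a placeholder
# upstream gateway (RFC 5737 documentation range).
BROKEN_ROUTES='default via 203.0.113.1 dev eth0
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
10.8.0.0/24 via 10.8.0.2 dev tun0
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.1'
BROKEN_FORWARD='-P FORWARD DROP
-A FORWARD -i tun+ -j ACCEPT'

# The same gateway with the route to the client LAN installed and the FORWARD
# chain accepting both directions.
FIXED_ROUTES="$BROKEN_ROUTES
192.168.1.0/24 via 10.8.0.2 dev tun0"
FIXED_FORWARD='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT'

echo "broken gateway:"
gateway_report 1 "$BROKEN_ROUTES" "$BROKEN_FORWARD" 192.168.1.0/24
echo "fixed gateway:"
gateway_report 1 "$FIXED_ROUTES" "$FIXED_FORWARD" 192.168.1.0/24
```

On a live gateway the same function runs as `gateway_report "$(cat /proc/sys/net/ipv4/ip_forward)" "$(ip route show)" "$(iptables -S FORWARD)" 192.168.1.0/24` on the server side and with 192.168.0.0/24 on the client side. Two further things worth checking by hand: both failing pings in the post report the error from 10.8.0.1, GW1's own tunnel address, and Destination Protocol Unreachable is ICMP type 3 code 2, which an iptables REJECT target emits when given `--reject-with icmp-proto-unreachable`, so the packet is being refused on GW1 itself rather than lost on the far LAN; and rules appended with `-A FORWARD` from SuSEfirewall2-custom land after the chain's existing jumps, so `iptables -L FORWARD -n -v --line-numbers` should confirm they are reached before any of SuSEfirewall2's own drop rules (the sysconfig knobs for routed tunnel traffic are FW_ROUTE and FW_FORWARD; see the comments in /etc/sysconfig/SuSEfirewall2).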