OpenVPN and SUSEFirewall2
Hi
I need a hint as to what can cause these symptoms.
I've set up an OpenVPN tunnel from an external laptop to a net through a SUSE Firewall 2.
I can ping the firewall and all machines on the net from the external laptop. I can ssh to the firewall on the internal address, i.e. the address used on the net.
But I can't ssh to the other machines on the net (or do anything else meaningful).
The fact that I can ping the internal machines gives me that the route is correct and that there's a hole for the tunnel through the firewall.
It could look like a protocol thing. But I can't see any settings that would allow ICMP and block TCP. Am I missing a vital setting?
Next step would be to debug w/ethereal or tcpdump. I'd just like to see if someone had been there before me.
Kaare Rasmussen wrote:
> Hi
> I need a hint as to what can cause these symptoms.
> I've set up an OpenVPN tunnel from an external laptop to a net through a SUSE Firewall 2.
> I can ping the firewall and all machines on the net from the external laptop. I can ssh to the firewall on the internal address, i.e. the address used on the net.
> But I can't ssh to the other machines on the net (or do anything else meaningful).
> The fact that I can ping the internal machines gives me that the route is correct and that there's a hole for the tunnel through the firewall.
> It could look like a protocol thing. But I can't see any settings that would allow ICMP and block TCP. Am I missing a vital setting?
> Next step would be to debug w/ethereal or tcpdump. I'd just like to see if someone had been there before me.
Does the VPN terminate on the firewall or on a computer behind the firewall? If the latter, you'll have to set up a route back to the remote computer. If it terminates on the firewall, the default route pointing to the firewall should work.
> Does the VPN terminate on the firewall or on a computer behind the firewall? If the latter, you'll have to set up a route back to the remote computer. If it terminates on the firewall, the default route pointing to the firewall should work.
It terminates on the firewall. But as you can see from the original post, the routing is not the problem, as I can ping from the laptop (on the outside) to every server on the inside (and receive an answer...)
On Thu, 13 Oct 2005 23:14, Kaare Rasmussen wrote:
> Hi
> I need a hint as to what can cause these symptoms.
> I've set up an OpenVPN tunnel from an external laptop to a net through a SUSE Firewall 2.
> I can ping the firewall and all machines on the net from the external laptop. I can ssh to the firewall on the internal address, i.e. the address used on the net.
> But I can't ssh to the other machines on the net (or do anything else meaningful).
> The fact that I can ping the internal machines gives me that the route is correct and that there's a hole for the tunnel through the firewall.
> It could look like a protocol thing. But I can't see any settings that would allow ICMP and block TCP. Am I missing a vital setting?
> Next step would be to debug w/ethereal or tcpdump. I'd just like to see if someone had been there before me.
I think it might be this setting, from memory:
FW_ALLOW_CLASS_ROUTING="yes"
--
Regards,
Graham Smith
participants (3): Graham Smith, James Knott, Kaare Rasmussen