
0003135: OpenVPN Gw2Gw site-to-site problem - MantisBT
MantisBT - Endian Firewall
View Issue Details
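ID: 0003135 | Project: Endian Firewall | Category: OpenVPN Client and Server | View Status: public | Date Submitted: 2010-09-13 10:52 | Last Update: 2010-09-20 13:55
Reporter: IgorianT
Priority: normal | Severity: minor | Reproducibility: always
Status: closed | Resolution: no change required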
2.4 
 
0003135: OpenVPN Gw2Gw site-to-site problem
I have configured two EFW 2.4 at two sites, one as OpenVPN server and Gw2Gw client (Office) and the other as OpenVPN server (Main). The connection has been established and I can ping any machine inside Main from the EFW console & desktop in Office.
But I can't ping (RDP and other protocols don't work) any machine inside the Office from the EFW console & desktop in the Main LAN.
I pushed the LANs' networks on both EFWs in the advanced options of the OpenVPN server and created VPN traffic rules in the VPN firewall.
I tried to add a new gw2gw connection from Main to Office; it is established, but traffic from Main to Office doesn't go.
I ran the commands
sh /etc/upgrade/upgrade.d/migration
ewf-upgrade
I read all the posts about VPN on www.efwsupport.com (http://www.efwsupport.com/index.php?topic=435.0).
No results.
I don't know why.
No tags attached.
related to 0002984 (closed, peter-endian): missing sudoers lines for triggers called when an openvpn user connects
Issue History
2010-09-13 10:52 | IgorianT | New Issue
2010-09-13 13:38 | baldy | Note Added: 0004716
2010-09-13 16:31 | baldy | Note Added: 0004717
2010-09-14 08:01 | IgorianT | Note Added: 0004719
2010-09-14 08:06 | baldy | Note Added: 0004720
2010-09-14 09:03 | luca-endian | Note Added: 0004721
2010-09-14 10:12 | baldy | Note Added: 0004723
2010-09-14 10:33 | luca-endian | Note Added: 0004725
2010-09-14 10:34 | luca-endian | Relationship added | related to 0002984
2010-09-20 13:55 | peter-endian | Note Added: 0004749
2010-09-20 13:55 | peter-endian | Status | new => closed
2010-09-20 13:55 | peter-endian | Resolution | open => no change required

Notes
(0004716)
baldy   
2010-09-13 13:38   
Hi Igorian,

Both sites should be configured as Gw2Gw.

If you do a traceroute from one of the clients in Main to an IP address in Office, where does it go?
Does it go out through the gateway or the IP address assigned to the OpenVPN connection?

It looks like only one side of the Gw2Gw connection is established.
(0004717)
baldy   
2010-09-13 16:31   
Also, can you post a route print of both Main and Office?
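The check baldy asks for in the two notes above (does traffic to the remote LAN leave through the tunnel device or the default gateway?) can be run against captured `ip route show` output. This is an added example, not part of the thread; the routing tables, addresses and interface names are constructed to mirror the one-directional symptom and are not values from the ticket.

```python
import ipaddress

# Constructed `ip route show` output; addresses and interface names are assumptions,
# not values from the ticket. Main lacks a route to the Office LAN (192.168.2.0/24).
MAIN_ROUTES = """\
default via 203.0.113.1 dev eth1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
"""
OFFICE_ROUTES = """\
default via 198.51.100.1 dev eth1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 via 10.8.0.5 dev tun0
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.1
"""

def parse_routes(text):
    """Return (network, device) for each route line that names a device."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_for(dest, routes):
    """Longest-prefix match (ignores metrics and policy routing)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def classify(dest, route_text, tunnel_prefixes=("tun", "tap")):
    """Say whether traffic to dest leaves via the VPN device or the default gateway."""
    hit = egress_for(dest, parse_routes(route_text))
    if hit is None:
        return "no-route"
    net, dev = hit
    if dev.startswith(tunnel_prefixes):
        return "tunnel"
    return "default-gateway" if net.prefixlen == 0 else "local-or-other"

if __name__ == "__main__":
    print("Main->Office:", classify("192.168.2.10", MAIN_ROUTES),
          "| Office->Main:", classify("192.168.1.10", OFFICE_ROUTES))
```

A result of `default-gateway` for the remote LAN on one side and `tunnel` on the other is the asymmetric state baldy's traceroute question is meant to expose.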
(0004719)
IgorianT   
2010-09-14 08:01   
Hi baldy.
I configured both sites as Gw2Gw and made rules for VPN traffic in both firewalls, but it doesn't work. Traffic goes only in one direction, from Office to Main.
Sorry, but I can't print routes and tracerts, because I am now configuring VPN IPSec in both firewalls.
Sorry for my English.
(0004720)
baldy   
2010-09-14 08:06   
Igorian,

Should be no need to configure rules for VPN traffic.
If OpenVPN is configured correctly all traffic is automatically allowed between sites.
(0004721)
luca-endian   
2010-09-14 09:03   
> If OpenVPN is configured correctly all traffic is automatically allowed
> between sites.

I don't think so. The VPN firewall can block traffic between VPN clients.
(0004723)
baldy   
2010-09-14 10:12   
If the firewall is configured. Out of the box all traffic is allowed over VPN.

Issue described looks like one of the sides does not connect so routes are not pushed/updated correctly.
(0004725)
luca-endian   
2010-09-14 10:33   
Could be this:
http://bugs.endian.it/view.php?id=2984
(0004749)
peter-endian   
2010-09-20 13:55   
Closed, since target is reconfigured -> no chance to debug