SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2021-02-24 20:22 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0003042 | Endian Firewall | OpenVPN Client and Server | public | 2010-07-03 11:16 | 2010-09-23 13:45 | ||||
| Reporter | _thebishop_ | ||||||||
| Assigned To | |||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | no change required | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 2.4 | ||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0003042: OpenVPN routing problem | ||||||||
| Description | Having a EFW 2.4 configured as OpenVPN Server and one EFW 2.4 configured as OpenVPN Client, from a station behind the Server EFW I can reach any destination behind Client EFW but not the Client EFW itself (having configured TCP/22 and TCP/10443 System Access from any VPN source). Note that with the same System Access rules on the EFW Server I can reach the EFW Server from a station behind the Client EFW. | ||||||||
| Additional Information | Could be related to http://bugs.endian.com/view.php?id=3018 [^] | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0004586) luca-endian (developer) 2010-07-05 07:56 |
enable firewall dropped packets and see if the firewall is blocking |
|
(0004587) _thebishop_ (reporter) 2010-07-05 08:43 |
OK, I've just tried it out: without logging the refused packets from efw.servernetwork I can ping and connect on station.clientnetwork but not to efw.clientnetwork. As I enabled the logging of the refused packets on efw.clientnetwork it started to accept the packets without any change in the firewall and VPN configuration !!! I've tried to ping and ssh on the efw.clientnetwork from efw.servernetwork and now it works. After I've disabled again the logging of the refused packets it still function correctly. Note that both the EFW has be upgraded to 2.4 from 2.2 version. Could it be some configuration mess during the upgrade process ? |
|
(0004590) peter-endian (administrator) 2010-07-05 16:11 |
how exactly did you do the upgrade? this and also 0003039 seem that there was no migration of configuration files during upgrade. you could try to manually start migrations: sh /etc/upgrade/upgrade.d/migration |
|
(0004598) _thebishop_ (reporter) 2010-07-05 17:14 |
I've upgraded with the efw-upgrade command line script (via ssh) using the stable branch. After the command succesfully upgraded the sysyem (no errors or warnings reported), I rebooted the systems from the web interface. I noted that also other settings have failed to migrate: HTTP, FTP, SMTP, POP3 proxies and content filtering configurations were all resetted and turned off and the content filtering by public blacklist no longer works on one of my EFW (the other has not configured any http proxy). I'll try to manually reissue the migration and let you know... |
|
(0004601) _thebishop_ (reporter) 2010-07-07 14:18 |
Ok, it returns: endian.smtpscan.migration.step__efw_smtpscan__2__2_3_40__0_endian10: OK endian.vpnclient.migration.step__efw_vpnclient__1__2_3_13__0_endian10: OK endian.firewallgui.migration.step__efw_firewall__2__2_3_48__0_endian18: OK endian.proxy.migration.step__efw_proxy__1__2_3_0__1_endian3: OK --- Found: 4 OK: 4 Now all the OpenVPN related issues are resolved. However this has disabled the HTTP proxy and messed up its configuiration (the others are still running and retained their configurations). The public URL blacklist content filtering still doesn't work. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-07-03 11:16 | _thebishop_ | New Issue | |
| 2010-07-05 07:56 | luca-endian | Note Added: 0004586 | |
| 2010-07-05 08:43 | _thebishop_ | Note Added: 0004587 | |
| 2010-07-05 16:09 | peter-endian | Relationship added | related to 0003039 |
| 2010-07-05 16:11 | peter-endian | Note Added: 0004590 | |
| 2010-07-05 16:11 | peter-endian | Status | new => feedback |
| 2010-07-05 17:14 | _thebishop_ | Note Added: 0004598 | |
| 2010-07-07 14:18 | _thebishop_ | Note Added: 0004601 | |
| 2010-09-23 13:45 | peter-endian | Status | feedback => closed |
| 2010-09-23 13:45 | peter-endian | Resolution | open => no change required |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |