SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003042: OpenVPN routing problem - MantisBT Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003042Endian FirewallOpenVPN Client and Serverpublic2010-07-03 11:162010-09-23 13:45
Assigned To 
StatusclosedResolutionno change required 
PlatformOSOS Version
Product Version2.4 
Target VersionFixed in Version 
Summary0003042: OpenVPN routing problem
DescriptionHaving a EFW 2.4 configured as OpenVPN Server and one EFW 2.4 configured as OpenVPN Client, from a station behind the Server EFW I can reach any destination behind Client EFW but not the Client EFW itself (having configured TCP/22 and TCP/10443 System Access from any VPN source).

Note that with the same System Access rules on the EFW Server I can reach the EFW Server from a station behind the Client EFW.
Additional InformationCould be related to [^]
TagsNo tags attached.
Attached Files

- Relationships
related to 0003039feedback OpenVPN Client problem updating from 2.2 to 2.4 EFW 

-  Notes
luca-endian (developer)
2010-07-05 07:56

enable firewall dropped packets and see if the firewall is blocking
_thebishop_ (reporter)
2010-07-05 08:43

OK, I've just tried it out: without logging the refused packets from efw.servernetwork I can ping and connect on station.clientnetwork but not to efw.clientnetwork.

As I enabled the logging of the refused packets on efw.clientnetwork it started to accept the packets without any change in the firewall and VPN configuration !!!

I've tried to ping and ssh on the efw.clientnetwork from efw.servernetwork and now it works. After I've disabled again the logging of the refused packets it still function correctly.

Note that both the EFW has be upgraded to 2.4 from 2.2 version.
Could it be some configuration mess during the upgrade process ?
peter-endian (administrator)
2010-07-05 16:11

how exactly did you do the upgrade?

this and also 0003039 seem that there was no migration of configuration files during upgrade.

you could try to manually start migrations:

sh /etc/upgrade/upgrade.d/migration

_thebishop_ (reporter)
2010-07-05 17:14

I've upgraded with the efw-upgrade command line script (via ssh) using the stable branch.

After the command succesfully upgraded the sysyem (no errors or warnings reported), I rebooted the systems from the web interface.

I noted that also other settings have failed to migrate: HTTP, FTP, SMTP, POP3 proxies and content filtering configurations were all resetted and turned off and the content filtering by public blacklist no longer works on one of my EFW (the other has not configured any http proxy).

I'll try to manually reissue the migration and let you know...
_thebishop_ (reporter)
2010-07-07 14:18

Ok, it returns:

endian.smtpscan.migration.step__efw_smtpscan__2__2_3_40__0_endian10: OK
endian.vpnclient.migration.step__efw_vpnclient__1__2_3_13__0_endian10: OK
endian.firewallgui.migration.step__efw_firewall__2__2_3_48__0_endian18: OK
endian.proxy.migration.step__efw_proxy__1__2_3_0__1_endian3: OK
Found: 4
OK: 4

Now all the OpenVPN related issues are resolved.
However this has disabled the HTTP proxy and messed up its configuiration (the others are still running and retained their configurations).

The public URL blacklist content filtering still doesn't work.

- Issue History
Date Modified Username Field Change
2010-07-03 11:16 _thebishop_ New Issue
2010-07-05 07:56 luca-endian Note Added: 0004586
2010-07-05 08:43 _thebishop_ Note Added: 0004587
2010-07-05 16:09 peter-endian Relationship added related to 0003039
2010-07-05 16:11 peter-endian Note Added: 0004590
2010-07-05 16:11 peter-endian Status new => feedback
2010-07-05 17:14 _thebishop_ Note Added: 0004598
2010-07-07 14:18 _thebishop_ Note Added: 0004601
2010-09-23 13:45 peter-endian Status feedback => closed
2010-09-23 13:45 peter-endian Resolution open => no change required

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker