Bridged VPN half working
|
View:
New views
6 Messages
—
Rating Filter:
Alert me
|
 |
Bridged VPN half working
by Lorenzo Milesi-2
::
Rate this Message:
Hi.
I've installed my first EFW today, and I love it already. But I'm having problems with OpenVPN. I've configured a bridged VPN. The client connects fine, I can ping EFW and other machines on the remote lan, I can do ssh and other things, but as soon as traffic is above a certain rate the connection (web, ssh) drops. I.e. I cannot open EFW admin interface: it asks me user/p, but as soon as I press enter I see a little activity and then stop. If I do SSH, either on EFW or another machine, it works as long as the output is few lines. But if I do something like an ls -l of /var the connection get stuck after the first or the second line. In past I had similar problems due to mtu misconfiguration, but I double checked and everything seems ok. Server config: ; daemon configuration daemon mode server tls-server proto udp port 41194 multihome user openvpn group openvpn cd /var/openvpn client-config-dir clients script-security 2 system ; tunnel configuration dev tap0 server-bridge 192.168.0.1 255.255.255.0 192.168.0.101 192.168.0.110 push "route-gateway 192.168.0.1" ptos comp-lzo management 127.0.0.1 5555 keepalive 8 30 tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun persist-local-ip persist-remote-ip ; logging and status writepid /var/run/openvpn/openvpn.pid ifconfig-pool-persist openvpn.leases status /var/log/openvpn/openvpn-status.log verb 1 client-connect "/usr/local/bin/dir.d-exec /etc/openvpn/client-connect.d/" client-disconnect "/usr/local/bin/dir.d-exec /etc/openvpn/client-disconnect.d/" ; certificates and authentication dh /var/efw/openvpn/dh1024.pem pkcs12 /var/efw/openvpn/pkcs12.p12 client-cert-not-required auth-user-p-verify "/usr/bin/openvpn-auth" via-file username-as-common-name client conf: client dev tap proto udp remote myremote 41194 resolv-retry infinite nobind persist-key persist-tun ca /etc/openvpn/my.pem auth-user-p /etc/openvpn/my_p.txt comp-lzo verb 3 tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 any help appreciated. thanks -- Lorenzo Milesi - lorenzo.milesi@... YetOpen S.r.l. - http://www.yetopen.it/ Via Previati 72 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 607 8199 GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it -------- D.Lgs. 196/2003 -------- Si avverte che tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: Bridged VPN half working
by compdoc
::
Rate this Message:
The problem with bridges is that when you use a network
range that's as popular as 192.168.0.x, which is used by most home networks in the world, you're going to have ip address conflicts. When using VPNs, its best to use a range at work like 192.168.111.x or something you know will not likely have conflicts with your remote workers... ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: Bridged VPN half working
by Lorenzo Milesi-2
::
Rate this Message:
----- "compdoc" <compdoc@...> ha scritto: > The problem with bridges is that when you use a network > range that's as popular as 192.168.0.x, which is used by > most home networks in the world, you're going to have ip > address conflicts. > > When using VPNs, its best to use a range at work like > 192.168.111.x or something you know will not likely have > conflicts with your remote workers... What should be the problem? I have a different network, locally! thanks maxxer -- Lorenzo Milesi - lorenzo.milesi@... YetOpen S.r.l. - http://www.yetopen.it/ Via Previati 72 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 607 8199 GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it -------- D.Lgs. 196/2003 -------- Si avverte che tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: Bridged VPN half working
by compdoc
::
Rate this Message:
But what range is the remote user using for their home
network? If it's the same as 192.168.0.x, then they will also have a gateway of 192.168.0.1 that would conflict with yours. Try using not using a bridged connection and see if the problem goes away... ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
R: Bridged VPN half working
by Lorenzo Milesi-2
::
Rate this Message:
----- Lorenzo Milesi <lorenzo.milesi@...> ha scritto: > Hi. > I've installed my first EFW today, and I love it already. > But I'm having problems with OpenVPN. for the record, it was a MSSFIX problem, covered in openvpn faq: http://openvpn.net/index.php/open-source/faq.html I can ping through the tunnel, but any real work causes it to lock up. Is this an MTU problem? Probably. It's best to change the mssfix parameter rather than directly changing the MTU of the TUN/TAP adapter. For example: mssfix 1200 -- Lorenzo Milesi - lorenzo.milesi@... YetOpen S.r.l. - http://www.yetopen.it/ Via Previati 72 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 607 8199 GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it -------- D.Lgs. 196/2003 -------- Si avverte che tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
|
|
Re: Bridged VPN half working
by Lorenzo Milesi-2
::
Rate this Message:
----- "compdoc" <compdoc@...> ha scritto:
> Try using not using a bridged connection and see if the > problem goes away... btw, how do I switch from bridget to routed? I couldn't find the option on the EFW 2.3 gui... thanks maxxer -- Lorenzo Milesi - lorenzo.milesi@... YetOpen S.r.l. - http://www.yetopen.it/ Via Previati 72 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 607 8199 GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it -------- D.Lgs. 196/2003 -------- Si avverte che tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user |
| Free embeddable forum powered by Nabble | Forum Help |
