Erich Titl wrote:
> Hi
>
> Andrew Gargan wrote:
>> Hi All
>>
> ...> (VER=V4): 'c0103fa8' TCP VER=V4 I presume
>> Tue Jul 04 07:50:45 2006 us=650198 STREAM: RESET
>> Tue Jul 04 07:50:45 2006 us=652598 STREAM: INIT maxlen=1544
>> Tue Jul 04 07:50:45 2006 us=655506 Attempting to establish TCP
>> connection with 196.25.154.130:1194
>> --- snip ---
>>
>> Can't seem to get any connectivity ...
>>
>> I suspect it's my firewall not mangling/routing/natting packets properly
>> but don't have the necessary knowledge to check ...
>
> Show us the tcpdump output of your external interface for port 1194,
> also look at the log from the server.

Not really sure how to do this properly, have a whole bunch of mangling rules mucking me about.

My gateway has 2 External interfaces.

eth1 = Leased Line digital circuit for mail.
eth2 = ADSL out for general internet access.
eth0 = my internal network

My clients on the eth0 network are being SNATED to the ADSL IP which is on my ADSL router.

eth0 [ Gateway ] eth1 <----> router <-----> internet
               ] eth2 <----> ADSL router <----> internet

I am running the VPN on all external Interfaces at the moment and am trying to test the VPN from inside my eth0 network

eg eth0 -> eth2 -> ADSL router -> router -> eth1

dunno how I am supposed to do this :(

I think the mangling/S-NATing ..is stuffing things up?!?!

>
>> Does anyone have any pointers???
>>
>> I have inherited this setup and don't want to break too much...
>> (1200 lines of iptables rules which seems a little overkill.)
>
> Yes it seems, I would get rid of them and use a firewall management tool
> like fwbuilder for example.

Am thinking of replacing the gateway altogether and introducing a new one in a flavour of linux I am more familiar with.

--
------------------------------------------
Andrew Gargan (Systems Administrator)
Systems Automation & Management (PTY) Ltd.
http://www.sam.co.za/
Tel: +27 11 803 0570 (ext 12)
Fax: +27 11 803 3486
------------------------------------------