
[Openvpn-users] Firewall Issues


  • Subject: [Openvpn-users] Firewall Issues
  • From: Casey Ruark <cruark@xxxxxxxxxxx>
  • Date: Tue, 06 Jul 2004 22:12:40 -0400

On Tuesday, July 06, 2004 9:17 AM [GMT-5=EST], PHDeliege@xxxxx
<PHDeliege@xxxxx> wrote:

> The problem that I have is as follow: My office Network is linked to
> the Internet via an hardware Firewall (so let say that the intranet
> is IP 192.168.0.X and thus the firewall as 1 ethernet adapter for the
> intranet (192.168.0.1) and an other with our fixed internet IP address
> (193.242.45.22).
> In all the documents that I read concerning OpenVPN, the Linux
> platform running OpenVPN is doing firewall as well as VPN server. But
> as we have to keep our hardware Firewall, is it possible to have the
> VPN server on the Intranet (only with 1 ethernet adapter
> 192.168.0.111) ? I can open some ports on the firewall if needed.
> If yes, what kind of configuration should I use ?

Works fine for me in that type of configuration.  Simply decide which port
your OpenVPN Server will be listening on (5000/UDP is the default), and
configure your hardware firewall to 1) allow external access to this port,
and 2) forward traffic from this port to the IP Address of your OpenVPN
Server.  Hint: a static IP Address on your OpenVPN Server will be helpful...

-Adam

I am currently experiencing major difficulty with openvpn routing where two networks
are behind firewalls, and openvpn is present. It seems the only way to get packets
flowing on the one side is to MASQ, which I don't want to do, due to the fact that it
freaks out Win2k port 445 (resets connections). Here is the setup.



Corporate

Cisco 2620 Router ----> Firewall ( 10.0.0.4 ) <------> Core Switch 10.0.0.x/24 --------> Openvpn Dev (NAT outside 1-1) Int 10.0.0.75 tun0 172.16.2.1

Remote Office

Cisco 1700 -----> Cisco Pix -----> Core Switch 10.0.25.0/24 -------> Openvpn (NAT 1-1) int 10.0.25.75 eth0 10.1.12.0/24 eth1 (remote subnet)
172.16.2.2 tun0 -----> Switch 2 10.0.12.x/24 ----> Remote LAN

Routes are specified in the VPN config files, but when ping time comes, it won't play
except from the vpn devices. I personally do not want to MASQ any packets if necessary,
but it seems that most people are using Openvpn as their primary firewall/gateway.
In my case I only want them to route traffic, without any ruleset. Please help.



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
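As an added example (not from any message in this thread): a static-key, point-to-point OpenVPN configuration for the two endpoints in the diagram above, with the surrounding routes that let hosts other than the two OpenVPN boxes reach the far side without masquerading. The tun and LAN addresses come from the diagram; the public addresses, key path and config file names are placeholders, and the remote LAN is assumed to be 10.0.12.0/24.

```conf
# Corporate end: /etc/openvpn/corp.conf on the 10.0.0.75 host (file name assumed)
dev tun
port 5000                        # UDP 5000; the firewall's 1-1 NAT must pass this port to 10.0.0.75
remote REMOTE_OFFICE_PUBLIC_IP   # placeholder: public address the remote Pix NATs to 10.0.25.75
ifconfig 172.16.2.1 172.16.2.2   # local tun address, peer tun address
secret /etc/openvpn/static.key   # placeholder path; same key file on both ends
route 10.0.25.0 255.255.255.0    # remote office core network, reached via the tunnel
route 10.0.12.0 255.255.255.0    # remote LAN behind the remote OpenVPN host's eth1
ping 10
ping-restart 60
verb 3

# Remote office end: /etc/openvpn/remote.conf on the 10.0.25.75 host (file name assumed)
dev tun
port 5000
remote CORPORATE_PUBLIC_IP       # placeholder: public address the corporate firewall NATs to 10.0.0.75
ifconfig 172.16.2.2 172.16.2.1
secret /etc/openvpn/static.key
route 10.0.0.0 255.255.255.0     # corporate network, reached via the tunnel
ping 10
ping-restart 60
verb 3

# Why only the OpenVPN hosts can ping each other with just the above:
# the "route" directives install kernel routes on the OpenVPN host only.
# Any other host sends 10.0.x.0/24 or 172.16.2.0/30 traffic to its default
# gateway (the firewall / core switch), which has no path back through
# the tunnel and either drops or misroutes it. Two things are needed on
# each side, and neither one is masquerading:
#
#   1. IP forwarding enabled on the OpenVPN host:
#        net.ipv4.ip_forward = 1        (sysctl, or /proc/sys/net/ipv4/ip_forward)
#
#   2. Static routes on the LAN's gateway pointing at the OpenVPN host, e.g.
#      on the corporate firewall / core switch:
#        10.0.25.0/24  via 10.0.0.75
#        10.0.12.0/24  via 10.0.0.75
#        172.16.2.0/30 via 10.0.0.75
#      and on the remote office Pix / core switch:
#        10.0.0.0/24   via 10.0.25.75
#        172.16.2.0/30 via 10.0.25.75
#
# With the return routes in place, traffic on both sides keeps its real
# source address, so no MASQUERADE rule (and no port 445 reset) is involved.
```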