Jon Bendtsen wrote:

> that's possible. Did you check using tcpdump or another sniffer if the
> firewall sends back a reject message? Or does it simply just drop the
> packets?

One more precision: the vpn-gateways are not the default gateways in each subnet. There are routes to redirect from the default gateways to the vpn-gateways.

When I try to ssh from a computer on site A to site B, on the default gateway on site B I found this line in the logs:

    kernel: NEW not SYN? IN=eth0 OUT=eth0 SRC=192.168.0.252 DST=192.168.1.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22 DPT=1733 WINDOW=5792 RES=0x00 ACK SYN URGP=0

That's all, and the packet doesn't reach computer B, so I assume the firewall drops it on the default gateway on site B.

IpCop runs on this computer; there is a chain NEWNOTSYN whose role seems to be to drop everything.

    LOG        all  --  anywhere             anywhere            limit: avg 10/min burst 5 LOG level warning prefix `NEW not SYN? '
    DROP       all  --  anywhere             anywhere

I added this line to the chain but it had no effect ...

    ACCEPT     all  --  192.168.0.0/24       192.168.1.0/24

The packets are still being dropped.

Any idea?

> Do you generally allow icmp, aka ping to go through? That could explain
> why ping works and ssh does not.

It's the default configuration concerning the ping; I have tested and it goes through.

Vincent

--
Sokar
--------------------------------
co-administrator of the n7mm.org network
mail : sokar@xxxxxxxx
Find me on irc.n7mm.org : #n7mm

Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
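
An added example, not part of the original message: it parses the logged packet to show that it is a SYN/ACK reply for which the gateway never tracked an opening SYN, then models the NEWNOTSYN chain as first-match to show why an ACCEPT placed after the catch-all DROP is never reached. The rule order is an assumption taken from the listing in the message, and the names `AS_POSTED` and `REORDERED` are hypothetical.

```python
import ipaddress

# Log line quoted in the message above ("kernel:" prefix trimmed).
LOG_LINE = ("NEW not SYN? IN=eth0 OUT=eth0 SRC=192.168.0.252 DST=192.168.1.8 "
            "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22 "
            "DPT=1733 WINDOW=5792 RES=0x00 ACK SYN URGP=0")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
ANY = "0.0.0.0/0"
# (target, source, destination); order assumed from the listing in the message.
AS_POSTED = [("LOG", ANY, ANY), ("DROP", ANY, ANY),
             ("ACCEPT", "192.168.0.0/24", "192.168.1.0/24")]
# Same rules with the ACCEPT moved ahead of the catch-all DROP.
REORDERED = [AS_POSTED[2], AS_POSTED[0], AS_POSTED[1]]

def parse_log(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare TCP flags."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return fields, flags

def classify(fields, flags):
    """Say why a packet with no conntrack entry is not an opening SYN."""
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    if {"SYN", "ACK"} <= flags:
        return "syn-ack-without-syn"  # reply seen, opening SYN never was
    if "SYN" in flags:
        return "plain-syn"
    return "mid-stream"

def first_match(chain, src, dst):
    """Return (index, target) of the first terminating rule that matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (target, src_net, dst_net) in enumerate(chain):
        hit = (src_ip in ipaddress.ip_network(src_net)
               and dst_ip in ipaddress.ip_network(dst_net))
        if hit and target != "LOG":  # LOG records the packet and continues
            return index, target
    return None, "RETURN"

if __name__ == "__main__":
    fields, flags = parse_log(LOG_LINE)
    print(classify(fields, flags))
    for name, chain in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, first_match(chain, fields["SRC"], fields["DST"]))
```

A SYN/ACK arriving as NEW is what a gateway sees when only one direction of the connection is routed through it, which fits the redirect routes described in the message.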