Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: kumar on December 24, 2007, 08:04:04 am
-
BIG thanks to the guys who have done a VERY VERY GREAT JOB... 8)
I have been working with FreeBSD-based pfSense for the past year, and have been waiting a long time for this type of firewall based on the Linux platform. Now I would like to move to E-Box.
I have installed E-Box on a Xen layer, with E-Box acting as a firewall for my VMs (Windows XP, Ubuntu). I have tested some basic features, and everything is working great without any trouble.
I got stuck with OpenVPN. Everything seems fine and I am able to connect to the OpenVPN server, but I am not able to ping the Windows XP VM (I also disabled the firewall in XP). I added a pass rule in the firewall section, and the log shows the VPN client connection initiated.
What might be the problem?
I appreciate any help...
Once again, thanks for the GREAT JOB..
-
I found the problem.. working like an F16
The problem is I forgot to add comp-lzo in my client configuration file..
If anybody needs help on eBox - OpenVPN related, please post here, I will try to help you out..
Thanks for the great product..
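
The mismatch described in the post above (comp-lzo set on the server but missing from the client) can be caught by comparing the two configuration files before connecting. The following is an added example, not part of the original thread and not eBox or OpenVPN code; the sample configs and the names `parse_config`, `link_view` and `mismatches` are constructed for illustration, and only explicitly set directives are compared (compiled-in defaults are not modelled, except the UDP default for proto).

```python
# Added example: report OpenVPN directives that disagree between server and client.
MUST_MATCH = ("comp-lzo", "proto", "dev-type", "cipher", "auth", "keysize")

def parse_config(text):
    """Map each directive in an OpenVPN config to its argument list."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts

def link_view(opts):
    """Reduce a parsed config to the values both peers have to agree on."""
    view = {k: " ".join(opts[k]) if k in opts else "(not set)" for k in MUST_MATCH}
    # Any form of comp-lzo turns on the compression framing; only presence matters.
    view["comp-lzo"] = "enabled" if "comp-lzo" in opts else "absent"
    # tcp, tcp-client and tcp-server are the two ends of one TCP link.
    proto = (opts.get("proto") or ["udp"])[0]
    view["proto"] = "tcp" if proto.startswith("tcp") else "udp"
    # Without an explicit dev-type, the type comes from the dev name (tun0, tap, ...).
    if "dev-type" not in opts and opts.get("dev"):
        view["dev-type"] = opts["dev"][0][:3]
    return view

def mismatches(server_text, client_text):
    """Return [(directive, server_value, client_value)] for every disagreement."""
    s, c = link_view(parse_config(server_text)), link_view(parse_config(client_text))
    return [(k, s[k], c[k]) for k in MUST_MATCH if s[k] != c[k]]

# Constructed sample configs (not taken from the thread).
SERVER = """
port 1194
proto tcp-server
dev tap0
comp-lzo
ca ca.pem
"""
CLIENT = """
client
remote vpn.example.test 1194
proto tcp-client
dev tap
; comp-lzo
"""

if __name__ == "__main__":
    for name, srv, cli in mismatches(SERVER, CLIENT):
        print(f"{name}: server={srv} client={cli}")
```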
-
Yes Kumar, I need help here. I successfully installed the ebox platform and I have 1 ebox server and 2 Windows XP machines on different networks. The problem is, I created 2 users with ebox, but the XP clients still can't log in to it over VPN. Any suggestions, tips, or step-by-step how-to will be appreciated. Thanks for your help.
-
Hello,
I don't know if your case is that you cannot connect to the VPN, or that you could connect but not log in to your shares or domain.
If it is the first case, I suggest you take a look at this page:
http://www.ebox-platform.com/usersguide/en/html-chunk/ch17s02.html
-
Thanks for your quick reply Javier, I almost forgot something. Ebox uses OpenVPN, not a simple PPTP (PopTop) VPN server, so I need an OpenVPN client for Windows XP, which I found at http://www.openvpn.se/.
Another question: can I access the shared folder after logging in to the VPN first? If I don't, can't I access the folder?
Updated:
Still no luck from Windows XP with the OpenVPN client software :(
Tue Feb 12 01:42:37 2008 Cannot load private key file myfileserver.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Tue Feb 12 01:42:37 2008 Error: private key password verification failed
Tue Feb 12 01:42:37 2008 Exiting
Updated:
I was able to connect to OpenVPN. Finally I found the problem: my Windows XP date was NOT THE SAME as the server's.
Wed Feb 13 09:28:08 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Feb 13 09:28:08 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 13 09:28:08 2008 LZO compression initialized
Wed Feb 13 09:28:08 2008 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Feb 13 09:28:08 2008 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Feb 13 09:28:08 2008 Local Options hash (VER=V4): '31fdf004'
Wed Feb 13 09:28:08 2008 Expected Remote Options hash (VER=V4): '3e6d1056'
Wed Feb 13 09:28:08 2008 Attempting to establish TCP connection with 100.100.1.15:1194
Wed Feb 13 09:28:08 2008 TCP connection established with 100.100.1.1:1194
Wed Feb 13 09:28:08 2008 TCPv4_CLIENT link local: [undef]
Wed Feb 13 09:28:08 2008 TCPv4_CLIENT link remote: 100.100.1.1:1194
Wed Feb 13 09:28:08 2008 TLS: Initial packet from 100.100.1.1:1194, sid=c3e0b34a 32b69f98
Wed Feb 13 09:28:08 2008 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=Server/CN=Certification_Authority_Certificate
Wed Feb 13 09:28:08 2008 VERIFY X509NAME OK: /C=ES/ST=Nation/L=Nowhere/O=Server/CN=Client
Wed Feb 13 09:28:08 2008 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=Server/CN=Client
Wed Feb 13 09:28:09 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 13 09:28:09 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 13 09:28:09 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 13 09:28:09 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 13 09:28:09 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 13 09:28:09 2008 [Client] Peer Connection Initiated with 100.100.1.1:1194
Wed Feb 13 09:28:10 2008 SENT CONTROL [Client]: 'PUSH_REQUEST' (status=1)
Wed Feb 13 09:28:10 2008 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.168.0.1,ping 10,ping-restart 120,ifconfig 172.168.0.2 255.255.255.0'
Wed Feb 13 09:28:10 2008 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 13 09:28:10 2008 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 13 09:28:10 2008 OPTIONS IMPORT: route options modified
Wed Feb 13 09:28:10 2008 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{6091B0CB-A2B0-40C2-A3EA-489F0D002888}.tap
Wed Feb 13 09:28:10 2008 TAP-Win32 Driver Version 8.4
Wed Feb 13 09:28:10 2008 TAP-Win32 MTU=1500
Wed Feb 13 09:28:10 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.168.0.2/255.255.255.0 on interface {6091B0CB-A2B0-40C2-A3EA-489F0D002888} [DHCP-serv: 172.168.0.0, lease-time: 31536000]
Wed Feb 13 09:28:10 2008 Successful ARP Flush on interface [3] {6091B0CB-A2B0-40C2-A3EA-489F0D002888}
Wed Feb 13 09:28:10 2008 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Feb 13 09:28:10 2008 Route: Waiting for TUN/TAP interface to come up...
Wed Feb 13 09:28:11 2008 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Feb 13 09:28:11 2008 Route: Waiting for TUN/TAP interface to come up...
Wed Feb 13 09:28:12 2008 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Wed Feb 13 09:28:12 2008 Initialization Sequence Completed
Wed Feb 13 09:28:25 2008 TCP/UDP: Closing socket
Wed Feb 13 09:28:25 2008 Closing TUN/TAP interface
Wed Feb 13 09:28:25 2008 SIGTERM[hard,] received, process exiting
The scenario is:
Ebox server ip at eth0 = 100.100.1.1/30
eth0:0 = 192.168.1.1/30
eth0:1 = 192.168.2.1/30
eth1 = 192.168.0.1/30
eth1:0 = 172.168.2.1/24
Client 1 = 192.168.1.2/30
Client 2 = 192.168.2.2/30
Client 1 and client 2 successfully ping the Ebox server through eth0 of the Ebox server (LAN/WAN), successfully connected to the Ebox VPN with the OpenVPN client, and got DHCP IPs 172.168.2.2 and 172.168.2.10.
Another problem is that my Windows DHCP client does not get the gateway IP 172.168.2.1 or a DNS IP. So, after connecting, I CAN'T ping the Ebox server and CAN'T resolve the local domain.
What should I do? Thanks for help.
-
Hmm.. from Google I found it's an OpenVPN problem, not a DHCP server one. I don't know about the Ebox firewall, because I didn't change any firewall configuration. Until now, I still can't solve the problem.
Updated:
After trial and error, I can successfully ping the VPN gateway IP. The problem was the eth1:0 = 172.168.2.1/24 virtual interface. I deleted this configuration and then I could ping it.