Messages - EricBaenen

1
My problem seemed to coincide with the last updates - however this may have been coincidental.  Try checking your log retention durations.  I had a couple logs set to keep indefinitely - I've now set those to 90 days.  I also purged logs older than 90 days.  It seems to have resolved my issue, at least for the moment.

When I first did the install a couple years ago - the installer partitioned the drive with / being a little on the small side (6GB I think for / and 70GB for /home) and there is only about 1GB free on / with almost 60GB free on /home.  I'd like to stretch / a bit and give it another 10GB or so from /home.

2
I had a similar thought.  Drive space is not great but seems acceptable.  I did have some logs set to keep indefinitely.  I've set them to 90 days and purged logs older than 90 days.  This firewall has been running for 2+ years so I'd imagine the logs had added up.

Seems to be working better now.

3
I've been running eBox/Zentyal as my home firewall for several years now.  At the moment I'm running 2.2.7 - mostly just as a firewall/DNS/DHCP/VPN.  One upstream port - three downside ports - internal segregated wireless zone, internal home network zone, internal server zone (external web and zimbra email servers - currently shut down).

After updating with the community updates a couple days ago - the Zentyal firewall will only stay up for about 2-3 hours at a time - after which it becomes unresponsive and requires a hard reboot - then works fine for another 2-3 hours.

The only thing I can find is that after about 1 to 1 and 1/2 hours postgres starts to use 90+% of the cpu and stays that high until the firewall becomes unresponsive after about another hour.

Any thoughts?

4
I have a Zentyal 2.02 server on my home network with three internal zones (external server, home network, wireless) and one WAN connection. 

I'm working from home with my work laptop connecting via wireless and trying to connect to work via a Cisco VPN client but it can't seem to make a connection.  I can connect via the Cisco VPN client from other wireless networks so I know that part works.

Does Zentyal support VPN passthrough?  I didn't find any mention of it in the documentation.

Thank you,

Eric

5
Installation and Upgrades / Re: eBox as wireless access point?
« on: March 18, 2008, 02:56:35 am »
Very true - and an excellent set of instructions - but as you said - having everything integrated into eBox with its web-based GUI for configuration would just be perfect.  It would also help so many of those out there with very insecure setups that put their wireless access points directly on the internal network.  And WHEN the wireless gets hacked the intruders have access to everything on the internal network.  It would be orders of magnitude more difficult to hack if the wireless was isolated and access to the internal network was via certificate authenticated OpenVPN connections from wireless nodes.

6
Installation and Upgrades / Re: Problems installing on ubuntu 7.10
« on: March 07, 2008, 08:27:57 pm »
Since you already have samba, dhcp, etc. installed on this box and those are also part of eBox - you may be getting conflicts with existing packages.

I would try to uninstall any services like samba and dhcp that you haven't configured or aren't using yet, then try to install ebox again to see if the list of conflicts is reduced.

7
Installation and Upgrades / Re: site-to-site OpenVPN problem
« on: March 07, 2008, 08:24:08 pm »
Ok, it's still not working but here is my new config...

System A
- Ubuntu 7-10
- IP: 192.168.2.2
- Gateway: 192.168.2.1

System B
- eBox 0.11.99
- Int IP: 192.168.2.1
- Ext IP: 192.168.4.2
- DHCP running - serving: 192.168.2.2 - 192.168.2.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system C
- VPN network address: 192.168.3.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.2.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.2)
- OpenVPN client config
- OpenVPN server address: 192.168.4.3
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system C
- Client certificate set to that generated from system C
- Client private key set to that generated from system C
- Firewall rules
-- in Filtering rules from internal networks to eBox
--- default rules
-- in Filtering rules for internal networks
--- allow any service from 192.168.2.0/24 to any address
--- allow any service from 192.168.3.0/24 to 192.168.2.0/24
--- allow any service from 192.168.5.0/24 to 192.168.2.0/24
-- in Filtering rules for traffic coming out from eBox
--- no rules
-- in Filtering rules from external networks to eBox
--- no rules
-- in Filtering rules from external networks to internal networks
--- no rules

System C
- eBox 0.11.99
- Ext IP: 192.168.4.3
- Int IP: 192.168.5.1
- DHCP running - serving: 192.168.5.2 - 192.168.5.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system B
- VPN network address: 192.168.6.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.5.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.3)
- OpenVPN client config
- OpenVPN server address: 192.168.4.2
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system B
- Client certificate set to that generated from system B
- Client private key set to that generated from system B
- Firewall rules
-- in Filtering rules from internal networks to eBox
--- default rules
-- in Filtering rules for internal networks
--- allow any service from 192.168.5.0/24 to any address
--- allow any service from 192.168.6.0/24 to 192.168.5.0/24
--- allow any service from 192.168.2.0/24 to 192.168.5.0/24
-- in Filtering rules for traffic coming out from eBox
--- no rules
-- in Filtering rules from external networks to eBox
--- no rules
-- in Filtering rules from external networks to internal networks
--- no rules

System D
- Ubuntu 7-10
- IP: 192.168.5.2
- Gateway: 192.168.5.1
 
In the OpenVPN logs on system B I get

Event: Client connection initiated
Type: server
Remote IP: 192.168.4.3

In the OpenVPN logs on system C I get

Event: Client connection initiated
Type: server
Remote IP: 192.168.4.2

Event: Connection to server initiated
Type: client
Remote IP: 192.168.4.2

Event: Initialization sequence completed
Type: client

System A can ping 192.168.2.1 (eBox B int)
System A can ping 192.168.4.2 (eBox B ext)
System A can ping 192.168.4.3 (eBox C ext)
System A cannot ping 192.168.5.1 (eBox C int) (Packets just dropped - no error message)
System A cannot ping 192.168.5.2 (System D) (Packets just dropped - no error message)
 
System D can ping 192.168.5.1 (eBox C int)
System D can ping 192.168.4.3 (eBox C ext)
System D can ping 192.168.4.2 (eBox B ext)
System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)
 

> hi!
>
> I did site to site test and this works fine. The only difference in my
> configuration about your is that:
>
> 1) I configured the system B for server OpenVPN and client OpenVPN of
> system C.
>
> 2) I configured the system C for server OpenVPN and client OpenVPN of
> system B

8
Installation and Upgrades / Re: site-to-site OpenVPN problem
« on: March 06, 2008, 07:41:24 pm »
Still having trouble with site to site OpenVPN connections - also posted this to the email list...

I think I am following all the docs and forum post suggestions but I just can't seem to get site to site OpenVPN connections to work.  I have a feeling I'm missing something obvious (or doing something really stupid).

Here is my test setup - four machines...

System A
- Ubuntu 7-10
- IP: 192.168.2.2
- Gateway: 192.168.2.1

System B
- eBox 0.11.99
- Int IP: 192.168.2.1
- Ext IP: 192.168.4.2
- DHCP running - serving: 192.168.2.2 - 192.168.2.10
- OpenVPN service running and active
- CA established
- certificates generated for self and system C
- VPN network address: 192.168.3.0
- VPN network netmask: 255.255.255.0
- OpenVPN network advertised: 192.168.2.0/255.255.255.0
- Protocol: TCP
- Port: 1194
- Client authorization by common name: disabled
- Allow eBox-to-eBox tunnels: checked
- Allow client-to-client connections: not checked
- OpenVPN Interface: eth1 (external - 192.168.4.2)

System C
- eBox 0.11.99
- Ext IP: 192.168.4.3
- Int IP: 192.168.5.1
- DHCP running - serving: 192.168.5.2 - 192.168.5.10
- OpenVPN service running and active
- OpenVPN client config
- OpenVPN server address: 192.168.4.2
- OpenVPN server protocol: TCP
- OpenVPN port: 1194
- CA certificate set to that from system B
- Client certificate set to that generated from system B
- Client private key set to that generated from system B

System D
- Ubuntu 7-10
- IP: 192.168.5.2
- Gateway: 192.168.5.1

In the OpenVPN logs on system B I get
Event: Client connection initiated
Daemon: SystemB
Type: server
Remote IP: 192.168.4.3
Remote Certificate: systemc.testdomain.net

System A can ping 192.168.2.1 (eBox B int)
System A can ping 192.168.4.2 (eBox B ext)
System A can ping 192.168.4.3 (eBox C ext)
System A cannot ping 192.168.5.1 (eBox C int) (Destination Host Unreachable)
System A cannot ping 192.168.5.2 (System D) (Destination Host Unreachable)

System D can ping 192.168.5.1 (eBox C int)
System D can ping 192.168.4.3 (eBox C ext)
System D can ping 192.168.4.2 (eBox B ext)
System D cannot ping 192.168.2.1 (eBox B int) (Packets just dropped - no error message)
System D cannot ping 192.168.2.2 (System A) (Packets just dropped - no error message)

There are no firewall rules set in any section.

Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.2.0/24?
Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.3.0/24?
Do I need to create a firewall rule on eBox B to allow traffic from 192.168.2.0/24 to 192.168.5.0/24?
Do I need to create a firewall rule on eBox B to allow traffic from 192.168.3.0/24 to 192.168.5.0/24?
Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.2.0/24?
Do I need to create a firewall rule on eBox C to allow traffic from 192.168.5.0/24 to 192.168.3.0/24?

Everything seems like it should work - but it doesn't.  Any suggestions would be greatly appreciated.

If I can get this to work - if there is a way, I would like to volunteer to help improve the documentation - particularly the section on OpenVPN and CA.  The documentation doesn't appear to be set up as a wiki so not sure how to submit changes or updates.

Thanks,

Eric

9
In eBox Network -> Interfaces... when setting a host interface to a static address, the Netmask is a pull down menu.  If the netmask needed is not in the selection list (in this case 255.255.248.0) - what is the best way of adding it?

Thanks,

Eric

10
Installation and Upgrades / how to change the ebox system hostname?
« on: February 25, 2008, 10:06:52 pm »
If I need/want to change the ebox system's hostname - what's the best way of doing that?  I tried vi'ing /etc/hostname, but then after a reboot none of the services started.

Thanks,

Eric

11
Installation and Upgrades / DHCP on multiple internal networks?
« on: February 14, 2008, 03:59:49 pm »
From the documentation at http://www.ebox-platform.com/usersguide/en/html-chunk/ch13.html and the configuration it would appear that DHCP can only be bonded to one nic?

What if you have two nics in addition to the wan nic that represent two separate internal networks? Is it possible to configure DHCP for each internal network or only one?

Thank you,

Eric

12
Installation and Upgrades / eBox as wireless access point?
« on: February 13, 2008, 06:28:48 pm »
Has anyone tried using eBox as a wireless access point?

What I was thinking of trying was...

eBox host
wired ethernet nic 1: wan port
wired ethernet nic 2: internal desktops
wired ethernet nic 3: internal servers
wired ethernet nic 4: external public/semi-public servers
wireless 802.11g PCI nic: wireless access point/zone
OpenVPN virtual zone: with internal server network zone advertised to access internal servers

Ideally, what I'd really like to do is to set the eBox machine up so that local wireless clients would connect to the wireless zone but could do nothing - not even connect to the Internet - unless they make an OpenVPN connection to the eBox OpenVPN zone and then they can access the internal servers and the Internet via the certificate authenticated OpenVPN connection.

Everything but the wireless zone looks to be straightforward and I haven't dug too deeply into the documentation, but should the above be possible with eBox?

Also not sure if the Debian version would support the wireless nic - may have to wait for the Ubuntu based version for that.

Thanks,

Eric

13
News and Announcements / Re: eBox 0.11 testing packages for Ubuntu Gutsy
« on: February 11, 2008, 06:40:51 pm »
I am really looking forward to eBox on Ubuntu - particularly for the improved hardware compatibility.

Do you anticipate working on the OpenVPN module soon?

Thank you for all the excellent work!

Eric

14
Installation and Upgrades / site-to-site OpenVPN problem
« on: February 11, 2008, 06:21:20 pm »
Hello,

As a new eBox user - my emphatic compliments to the development team - eBox is an incredible package!

For my problem -- I have set up the following test configuration.   Any advice would be most appreciated.

following http://www.ebox-platform.com/usersguide/en/html-chunk/ch17s02.html

four hosts with ethernet cross-over cables between them

client A1 -> 192.168.1.2

'lan A' -> 192.168.1.0/255.255.255.0

ebox 0.11.2 server A
ebox lan A port -> 192.168.1.1
ebox openvpn server - Allow eBox to eBox tunnels is checked
ebox openvpn address pool -> 192.168.2.0/255.255.255.0
ebox openvpn advertised network -> 192.168.1.0/255.255.255.0
ebox wan port -> 192.168.3.2

ebox 0.11.2 server B
ebox wan port -> 192.168.3.3
ebox openvpn client with certificates and keys from ebox A
ebox openvpn client points to 192.168.3.2 for its openvpn server
ebox lan B port -> 192.168.4.1

'lan B' -> 192.168.4.0/255.255.255.0

client B1 -> 192.168.4.2

client A1 can ping ebox server A and the wan port of ebox server B
client B1 can ping ebox server B and the wan port of ebox server A
ebox server A can ping client A1 and the wan port of ebox server B
ebox server B can ping client B1 and the wan port of ebox server A

in the OpenVPN logs of ebox server A - ebox server B appears to connect and authenticate correctly to ebox server A - however...

client A1 cannot ping client B1
client B1 cannot ping client A1
ebox server A cannot ping client B1
ebox server B cannot ping client A1

Do I need to set up any firewall rules to allow traffic from the 192.168.2.* virtual address space to talk to hosts in the 192.168.1.* address space?

Do I need to set up any firewall rules to allow traffic from the 192.168.1.* address space to talk to hosts in the 192.168.4.* address space?

Does anything get logged when host B1 would access resources in lan A?

Does anything get logged when host A1 would access resources in lan B?

From the documentation it would appear host B1 should be able to see any resource in the advertised lan A - however, should host A1 be able to see any resource in lan B?

Thank you very much for any advice you can offer.

Eric
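As an added example (not code from this post, nor files generated by eBox), here are the raw OpenVPN directives that the lan A / lan B topology above, and likewise the four-host setup in the two later "site-to-site OpenVPN problem" posts, needs before traffic can flow in both directions: the "advertised network" is a pushed route, but the return path to lan B needs a kernel `route` plus an `iroute` on the server, and the firewall must forward between the tun and LAN interfaces. The addresses are the post's; the file names, certificate names, `proto tcp` and the ccd layout are assumptions.

```conf
# Added example, not eBox's generated configuration. Addresses come from the
# post's test topology; file/cert names, proto tcp and the ccd path are assumed.

# --- ebox server A: /etc/openvpn/serverA.conf ---
proto tcp-server
port 1194
dev tun
# Tunnel address pool ("openvpn address pool" in the post)
server 192.168.2.0 255.255.255.0
ca ca.crt
cert serverA.crt
key serverA.key
dh dh.pem
# "Advertised network": every connecting client learns how to reach lan A
push "route 192.168.1.0 255.255.255.0"
# Reaching lan B (behind client B) from lan A needs two routes on A:
# 1) a kernel route so packets for 192.168.4.x are sent into the tunnel...
route 192.168.4.0 255.255.255.0
# 2) ...and an OpenVPN-internal route (iroute) so the daemon knows which
#    connected client owns lan B. iroute goes in that client's ccd file.
client-config-dir /etc/openvpn/ccd
# Without the iroute, packets from A1 enter the tun device but the OpenVPN
# daemon has no client to deliver 192.168.4.x to and drops them silently,
# which is exactly the "packets just dropped, no error" symptom in the post.

# --- ebox server A: /etc/openvpn/ccd/serverB  (file name = client cert CN) ---
iroute 192.168.4.0 255.255.255.0

# --- ebox server B: /etc/openvpn/clientB.conf ---
client
proto tcp-client
remote 192.168.3.2 1194
dev tun
ca ca.crt
cert serverB.crt
key serverB.key
# The route to lan A arrives via the pushed route; nothing else is needed here.

# On BOTH boxes the kernel must forward (net.ipv4.ip_forward = 1) and the
# firewall must accept FORWARD traffic between tun0 and the LAN interface in
# both directions. With the tunnel up but forwarding blocked, A1 and B1 can
# still only reach the WAN ports, which matches the ping results in the post.
```

Lan A hosts need no extra routes because their gateway is already ebox A; the same holds for lan B and ebox B.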
