Endian Knowledge Base

My VPN Firewall does not filter connections between my Roadwarriors!? Or, on newer versions: my Roadwarriors cannot see each other!?

Posted: 26 Jul, 2007
by: Warasin P.
Updated: 04 Dec, 2008
by: Warasin P.
To make sure we are talking about the same situation:

You have enabled the OpenVPN server and have several Roadwarriors connected. You have one of the following problems:
  • You use Endian Firewall version < 2.2 and you have configured the VPN Firewall in such a way that one Roadwarrior should not be able to connect to another Roadwarrior. This does not work as expected: in reality, connections from one Roadwarrior to another are not blocked.
  • You have an Endian Firewall version >= 2.2 and your Roadwarriors cannot reach other Roadwarriors, regardless of the configuration of your VPN Firewall or if you are using Endian Firewall Community.
Neither problem occurs if one side is a gateway-to-gateway client and the connection starts or ends behind the gateway-to-gateway VPN endpoint.


This situation requires you to configure your OpenVPN server in a special way so that it pushes the correct routes to the Roadwarriors, which forces connections to go through the VPN Firewall on the OpenVPN server:
  1. Split your GREEN network logically into 2 parts. This is purely for organizational purposes; you do not need to change the configuration of your GREEN network.

    Think of one part as reserved for the workstations within your GREEN LAN and for the GREEN interface of the Endian Firewall.
    Think of the second part as reserved for OpenVPN clients.
    Take care to choose these parts in such a way that the IP range for the VPN clients fits a valid subnet range.

    For example, if your GREEN network is 10.0.0.0/24, your second part can be 10.0.0.128/25 or 10.0.0.192/26.

  2. Configure the IP pool of your OpenVPN server so that it exactly fits the part which you reserved for OpenVPN clients.
    For example, if you chose 10.0.0.128/25, use 10.0.0.129 as the start address and 10.0.0.254 as the end address.
  3. Create a dummy OpenVPN account which you will never actually use to connect to the OpenVPN server; let's name it roadwarriors.
  4. Set a complex password for it.
  5. Configure your logical Roadwarrior subnet (10.0.0.128/25) as the remote network for this client.
  6. Restart OpenVPN in order to force your clients to reconnect and pull the new configuration.
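
The planning in steps 1, 2 and 5 can be checked before touching the firewall. The following Python sketch is an added example, not part of the original article or of Endian Firewall. The function names and the sample LAN addresses (10.0.0.1, 10.0.0.20) are assumptions made for illustration.

```python
import ipaddress


def range_to_subnet(first, last):
    """Return the single subnet covering first..last exactly, or None.

    first/last are the full bounds, including network and broadcast address.
    """
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets[0] if len(nets) == 1 else None


def plan_roadwarrior_pool(green_cidr, vpn_cidr, lan_hosts=()):
    """Return (pool_start, pool_end, remote_network) for the VPN client part.

    Raises ValueError when vpn_cidr is not a valid subnet, is not a proper
    part of GREEN, or contains an address from lan_hosts.
    """
    green = ipaddress.ip_network(green_cidr)
    # Strict parsing rejects host bits, e.g. 10.0.0.100/25 is not a subnet.
    vpn = ipaddress.ip_network(vpn_cidr, strict=True)
    if vpn.version != green.version or vpn == green or not vpn.subnet_of(green):
        raise ValueError(f"{vpn} is not a proper part of GREEN {green}")
    if vpn.num_addresses < 4:
        raise ValueError(f"{vpn} leaves no usable client addresses")
    for host in lan_hosts:
        if ipaddress.ip_address(host) in vpn:
            raise ValueError(f"{host} lies inside the VPN client part {vpn}")
    # Pool (step 2): every address except network and broadcast address.
    start = vpn.network_address + 1
    end = vpn.broadcast_address - 1
    # The third value is the remote network for the dummy account (step 5).
    return str(start), str(end), str(vpn)


if __name__ == "__main__":
    # Constructed sample: GREEN interface at 10.0.0.1, one workstation at .20.
    print(plan_roadwarrior_pool("10.0.0.0/24", "10.0.0.128/25",
                                ["10.0.0.1", "10.0.0.20"]))
    print(range_to_subnet("10.0.0.128", "10.0.0.255"))  # a valid subnet
    print(range_to_subnet("10.0.0.100", "10.0.0.200"))  # None: not a subnet
```

A `ValueError` here means the chosen part would either overlap existing GREEN hosts or not correspond to a subnet that can be entered as the remote network of the dummy account.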