Hello,

I have a linux system running with 1 nic. (just local LAN) A Fritzbox is the DSL router, because of services of the Fritzbox (voip etc) I have to use the Fritzbox as the DSL router.

Now I want to use the linux system as a VPN router so other devices on the local lan can use that VPN connection.

I have setup shorewall but I cannot get it to work. I have monitored the traffic with Wireshark and when I for instance try to open a webpage over the VPN connection I see a SYN packet being sent into the tunnel. I see a SYN ACK returning via the VPN but there it ends, the SYN ACK is not being sent to the machine on the local lan.

Anybody has an idea where to look or what ever other information do I need to post to make more clear what is going wrong?

Thanks!
Peter

I'm not sure about your errors, but I've found in most cases that you simply must fiddle with your VPN software until it works, because it never works right as documented. I must ask, however, why don't you use a two interface router and a custom switch instead of the single interface router? It'd be a lot simpler to configure.

On 8/25/2011 13:37, Peter Lindeman wrote:
> Hello,
>
> I have a linux system running with 1 nic. (just local LAN) A Fritzbox
> is the DSL router, because of services of the Fritzbox (voip etc) I
> have to use the Fritzbox as the DSL router.
>
> Now I want to use the linux system as a VPN router so other devices on
> the local lan can use that VPN connection.
>
> I have setup shorewall but I cannot get it to work. I have monitored
> the traffic with Wireshark and when I for instance try to open a
> webpage over the VPN connection I see a SYN packet being sent into the
> tunnel. I see a SYN ACK returning via the VPN but there it ends, the
> SYN ACK is not being sent to the machine on the local lan.
>
> Anybody has an idea where to look or what ever other information do I
> need to post to make more clear what is going wrong?
>
> Thanks!
> Peter

On Aug 25, 2011, at 1:37 PM, Peter Lindeman wrote:
> I have a linux system running with 1 nic. (just local LAN) A Fritzbox is the DSL router, because of services of the Fritzbox (voip etc) I have to use the Fritzbox as the DSL router.
>
> Now I want to use the linux system as a VPN router so other devices on the local lan can use that VPN connection.
>
> I have setup shorewall but I cannot get it to work. I have monitored the traffic with Wireshark and when I for instance try to open a webpage over the VPN connection I see a SYN packet being sent into the tunnel. I see a SYN ACK returning via the VPN but there it ends, the SYN ACK is not being sent to the machine on the local lan.
>
> Anybody has an idea where to look or what ever other information do I need to post to make more clear what is going wrong?

Please see http://www.shorewall.net/support.htm#Guidelines for the information we need to diagnose connection problems.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 26 August 2011 06:37, Peter Lindeman <peter@lindeman.nl> wrote:
> Hello,
>
> I have a linux system running with 1 nic. (just local LAN) A Fritzbox is
> the DSL router, because of services of the Fritzbox (voip etc) I have to use
> the Fritzbox as the DSL router.
>
> Now I want to use the linux system as a VPN router so other devices on the
> local lan can use that VPN connection.
>
> I have setup shorewall but I cannot get it to work. I have monitored the
> traffic with Wireshark and when I for instance try to open a webpage over
> the VPN connection I see a SYN packet being sent into the tunnel. I see a
> SYN ACK returning via the VPN but there it ends, the SYN ACK is not being
> sent to the machine on the local lan.
>
> Anybody has an idea where to look or what ever other information do I need
> to post to make more clear what is going wrong?

Your problem is probably a simple one - the fritzbox needs a route added back to the VPN clients. I hope you are using OpenVPN in roadwarrior mode, and so you simply need to add a route on the fritzbox to whatever subnet your VPN clients are on, out the LAN ip of the VPN box.

Dave

On Mon, Aug 29, 2011 at 00:58, Tom Eastep <teastep@shorewall.net> wrote:
>
> On Aug 25, 2011, at 1:37 PM, Peter Lindeman wrote:
>
> > I have a linux system running with 1 nic. (just local LAN) A Fritzbox is the DSL router, because of services of the Fritzbox (voip etc) I have to use the Fritzbox as the DSL router.
> >
> > Now I want to use the linux system as a VPN router so other devices on the local lan can use that VPN connection.
> >
> > I have setup shorewall but I cannot get it to work. I have monitored the traffic with Wireshark and when I for instance try to open a webpage over the VPN connection I see a SYN packet being sent into the tunnel. I see a SYN ACK returning via the VPN but there it ends, the SYN ACK is not being sent to the machine on the local lan.
> >
> > Anybody has an idea where to look or what ever other information do I need to post to make more clear what is going wrong?
>
> Please see http://www.shorewall.net/support.htm#Guidelines for the
> information we need to diagnose connection problems.

The solution to my problem was a simple one. The problem was that I had the wrong interface in the masq file. Instead of the VPN tunnel device I had the ethernet nic in it. I changed that and now it is working as expected. Stupid mistake, my excuse ;-)

Greetz
Peter Lindeman
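
The mistake and fix reported in the last message, as an added example that is not part of the original thread: a small shell check that reads a Shorewall masq file and reports which interface the LAN is masqueraded on. The names eth0 (LAN NIC) and tun0 (VPN tunnel device) and the subnet 192.168.178.0/24 are assumed values; the thread does not give them.

```shell
#!/bin/sh
# Added example. Constructed values, not taken from the thread:
#   eth0 = LAN NIC, tun0 = VPN tunnel device, 192.168.178.0/24 = LAN subnet.

# Print the INTERFACE column of every masq entry whose SOURCE column is $2.
# Shorewall masq columns: INTERFACE  SOURCE  ADDRESS ...
masq_interfaces() {
    awk -v src="$2" '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        $2 == src      { print $1 } # entry that masquerades this source
    ' "$1"
}

# Succeed only if traffic from source $2 is masqueraded out of device $3.
masq_uses_tunnel() {
    masq_interfaces "$1" "$2" | grep -qx "$3"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# The mistake described in the thread: the ethernet NIC in the INTERFACE column.
printf '%s\n' '#INTERFACE  SOURCE            ADDRESS' \
              'eth0        192.168.178.0/24' > "$tmp/masq.wrong"

# The fix: the VPN tunnel device in the INTERFACE column.
printf '%s\n' '#INTERFACE  SOURCE            ADDRESS' \
              'tun0        192.168.178.0/24' > "$tmp/masq.fixed"

for f in masq.wrong masq.fixed; do
    if masq_uses_tunnel "$tmp/$f" 192.168.178.0/24 tun0; then
        echo "$f: LAN traffic is masqueraded out of tun0"
    else
        echo "$f: no masq entry for the LAN on tun0 (found: $(masq_interfaces "$tmp/$f" 192.168.178.0/24))"
    fi
done
```

On a live system the same question can be answered after `shorewall restart` by listing the nat table's POSTROUTING rules and checking which output interface carries the MASQUERADE rule.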