
SSL VPN Remote Access working, "use as default gateway not"

Hi.  I have SSL VPN working with remote access users.  I can remote to any of the machines listed in Tunnel Access - Permitted Network Resources; however, I cannot use my XG Firewall as a gateway.  Whenever this setting is turned on, remote clients cannot access the internet.

I have made sure the #Port1 and #Port2 (LAN/WAN) were added to Tunnel Access > Permitted Network Resources and that my firewall rule is allowing Source Zone: VPN -> Destination Zone: LAN/WAN/Any.

I am hoping to use my XG Firewall as a gateway for http/s internet requests when working remotely.

Thanks!



  • Does anyone have SSL VPN working on remote clients if you use your internal network as the gateway? I have fiddled with my rules for hours and read through the admin guide however nothing is working. Everything is working but this... this should be easy.
  • This has been working for me, using the internal network as the gateway. If you followed the guide for configuring the VPN, then my guess is that the trouble lies somewhere with the firewall policies.

    Did you add the VPN network to a default policy that does IP Masquerading? In order to use the network as a gateway, it will need to masquerade the VPN user IPs in order to route their traffic.
  • Hi.  Thanks for the reply.  Yes I have verified both.

    I can access resources on my LAN from VPN; it just seems like the default gateway settings are not working.  Looking at the logs on my OpenVPN client, does any of this seem to be of concern?

    2016-01-04 18:04:44 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    2016-01-04 18:04:44 Session is ACTIVE
    2016-01-04 18:04:44 EVENT: GET_CONFIG
    2016-01-04 18:04:44 Sending PUSH_REQUEST to server...
    2016-01-04 18:04:45 OPTIONS:
    0 [route-gateway] [192.168.3.105]
    1 [ping] [45]
    2 [ping-restart] [180]
    3 [redirect-gateway] [def1]
    4 [topology] [subnet]
    5 [route] [remote_host] [255.255.255.255] [net_gateway]
    6 [dhcp-option] [DNS] [192.168.0.1]
    7 [dhcp-option] [DOMAIN] [{example.com}]
    8 [ifconfig] [192.168.3.106] [255.255.255.0]

    2016-01-04 18:04:45 LZO-ASYM init swap=0 asym=1
    2016-01-04 18:04:45 Comp-stub init swap=0
    2016-01-04 18:04:45 EVENT: ASSIGN_IP
    2016-01-04 18:04:45 Error parsing IPv4 route: [route] [remote_host] [255.255.255.255] [net_gateway] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': remote_host/255.255.255.255 : ip_exception: error parsing route IP address 'remote_host' : Invalid argument
    2016-01-04 18:04:45 Connected via tun
    2016-01-04 18:04:45 EVENT: CONNECTED {user@example.com}:8443 ({WAN_IP}) via /UDPv4 on tun/192.168.3.106/
    2016-01-04 18:04:45 SetStatus Connected
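As an added diagnostic example (not code from this thread, from Sophos, or from OpenVPN), the script below parses the OPTIONS block an OpenVPN client logs after PUSH_REQUEST. It confirms that redirect-gateway was pushed, so the client will send all traffic into the tunnel and the firewall must masquerade and permit it, records the tunnel IP the firewall will see as the source, and flags route entries that use symbolic names such as remote_host instead of literal IPv4 addresses, which is what produced the parse error in the log above. The sample block is constructed from the log in this post.

```python
import ipaddress
import re

# Constructed sample: the OPTIONS block the OpenVPN client logged in the post above.
SAMPLE_LOG = """\
2016-01-04 18:04:45 OPTIONS:
0 [route-gateway] [192.168.3.105]
1 [ping] [45]
2 [ping-restart] [180]
3 [redirect-gateway] [def1]
4 [topology] [subnet]
5 [route] [remote_host] [255.255.255.255] [net_gateway]
6 [dhcp-option] [DNS] [192.168.0.1]
7 [dhcp-option] [DOMAIN] [example.com]
8 [ifconfig] [192.168.3.106] [255.255.255.0]
"""

# Index followed by [bracketed] tokens; timestamped lines never match (dates contain '-').
OPTION_LINE = re.compile(r"^\s*\d+\s+((?:\[[^\]]*\]\s*)+)$")

def parse_pushed_options(log_text):
    """Return each pushed option as a token list, e.g. ['route', 'remote_host', ...]."""
    options = []
    for line in log_text.splitlines():
        m = OPTION_LINE.match(line)
        if m:
            options.append(re.findall(r"\[([^\]]*)\]", m.group(1)))
    return options

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def assess(options):
    """Say where default-route traffic will go and which pushed routes cannot parse as IPv4."""
    report = {"redirect_gateway": False, "tunnel_ip": None, "dns": [], "unparseable_routes": []}
    for name, *args in options:
        if name == "redirect-gateway":
            report["redirect_gateway"] = True  # client sends all traffic into the tunnel
        elif name == "ifconfig":
            report["tunnel_ip"] = args[0]      # source IP the firewall sees for this client
        elif name == "dhcp-option" and args[:1] == ["DNS"]:
            report["dns"].append(args[1])
        elif name == "route" and not all(is_ipv4(a) for a in args):
            # remote_host / net_gateway are symbolic names, not dotted quads; a client accepting only literal addresses rejects the route
            report["unparseable_routes"].append(" ".join(args))
    return report
```

When redirect_gateway is reported True and the tunnel IP is known, the remaining checks are on the firewall side: a masquerading rule and an allow rule covering that VPN address as the source.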

  • Getting closer. Upon capturing packets, I see this:
    Violation Local_ACL, where the source IP is my VPN client. It must be one of my rules! Digging further...