SSL VPN users SSH to server

I've been trying to get VPN users to access a server behind the Astaro firewall.
I created a PF rule:
SSL VPN -> ANY -> ANY
But I still keep getting rejected.
Here is a log line:
 
2010:07:23-09:39:38 207 ulogd[3266]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="50" seq="0" initf="br0" outitf="br0" dstmac="00:1a:8c:15:65:10" srcmac="00:11:5d:6f:30:00" srcip="***.***.***.***(the firewall's hostname)" dstip="***.***.***.***(server behind firewall)" proto="6" length="64" tos="0x00" prec="0x00" ttl="62" srcport="50024" dstport="22" tcpflags="SYN"

Thanks in advance!


  • It looks like your packet filter Allow rule has a number higher than fwrule="50" - remember that they are processed in sequence. 

    But, you can do this without a PF rule: Since you want the Remote users to have access to everything, it would be clearer to select 'Automatic packet filter rules' in the SSL configuration and indicate there the 'Local networks' to which the users should have access.  That could be "Internal (Network)" or just limited to {server behind firewall}.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
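
Added example, not part of the original thread and not Astaro code: a parser for the `key="value"` packetfilter log format quoted in the question, plus a first-match evaluation showing how an earlier drop rule shadows a later allow rule. The rule tables, their positions, the match-all stand-in for the "SSL VPN -> ANY -> ANY" rule, the default action and the sample addresses are all constructed assumptions.

```python
import re

# Constructed sample in the format of the log line quoted in the question;
# the masked addresses are replaced with documentation-range values.
SAMPLE = ('2010:07:23-09:39:38 fw ulogd[3266]: id="2001" severity="info" '
          'sub="packetfilter" name="Packet dropped" action="drop" fwrule="50" '
          'initf="br0" outitf="br0" srcip="192.0.2.10" dstip="198.51.100.20" '
          'proto="6" srcport="50024" dstport="22" tcpflags="SYN"')

FIELD = re.compile(r'(\w+)="([^"]*)"')

# Hypothetical rule tables keyed by position (not the poster's real rules).
RULES_AS_POSTED = {
    50: {"action": "drop", "match": {"proto": "6", "dstport": "22"}},
    51: {"action": "accept", "match": {}},  # stand-in for the ANY -> ANY rule
}
RULES_REORDERED = {
    49: {"action": "accept", "match": {}},
    50: {"action": "drop", "match": {"proto": "6", "dstport": "22"}},
}

def parse_line(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(FIELD.findall(line))

def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's value."""
    return all(pkt.get(k) == v for k, v in rule["match"].items())

def first_match(rules, pkt):
    """Walk rules in ascending position; the first matching rule decides."""
    for pos, rule in sorted(rules.items()):
        if matches(rule, pkt):
            return pos, rule["action"]
    return None, "drop"  # assumed default when nothing matches

def explain(line, rules):
    """Report which rule decides the logged packet and which later rules it hides."""
    pkt = parse_line(line)
    pos, action = first_match(rules, pkt)
    shadowed = [p for p, r in sorted(rules.items())
                if pos is not None and p > pos
                and r["action"] != action and matches(r, pkt)]
    return {"logged_rule": int(pkt["fwrule"]), "decided_by": pos,
            "action": action, "shadowed": shadowed}

if __name__ == "__main__":
    print(explain(SAMPLE, RULES_AS_POSTED))
    print(explain(SAMPLE, RULES_REORDERED))
```
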