
SSL VPN users SSH to server

I've been trying to get VPN users to access a server behind the Astaro firewall.
I created a PF rule:
SSL VPN -> ANY -> ANY
But I still keep getting reject.
Here is a log line:
 
2010:07:23-09:39:38 207 ulogd[3266]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="50" seq="0" initf="br0" outitf="br0" dstmac="00:1a:8c:15:65:10" srcmac="00:11:5d:6f:30:00" srcip="***.***.***.***(the firewall's hostname)" dstip="***.***.***.***(server behind firewall)" proto="6" length="64" tos="0x00" prec="0x00" ttl="62" srcport="50024" dstport="22" tcpflags="SYN"

Thanks in advance!


  • It looks like your packet filter Allow rule has a number higher than fwrule="50" - remember that they are processed in sequence. 

    But, you can do this without a PF rule: Since you want the Remote users to have access to everything, it would be clearer to select 'Automatic packet filter rules' in the SSL configuration and indicate there the 'Local networks' to which the users should have access.  That could be "Internal (Network)" or just limited to {server behind firewall}.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for the prompt reply.
    The rule is #1, I placed it on the top and it still doesn't work.
    The automatic box is checked as well, still no go.
    What am I missing?
    Thanks in advance,
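Added example, not part of the original thread: a small Python parser for the packetfilter log format quoted in the first post. It tallies dropped packets by `fwrule` and interface pair, so the rule number in the log can be compared against the rule list as the first reply suggests. The sample lines and their addresses are constructed, and the function names are made up for this example.

```python
import re
from collections import Counter

# key="value" pairs, as in the packetfilter line quoted in the thread
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_pf_line(line):
    """Return the fields of one packetfilter log line, or None for other lines."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("sub") != "packetfilter":
        return None
    fields["timestamp"] = line.split(None, 1)[0]
    fields["proto_name"] = PROTO_NAMES.get(fields.get("proto"), fields.get("proto"))
    return fields


def drops_by_rule(lines, dstport=None):
    """Count drops per (fwrule, initf, outitf), optionally for one destination port."""
    counts = Counter()
    for line in lines:
        f = parse_pf_line(line)
        if f is None or f.get("action") != "drop":
            continue
        if dstport is not None and f.get("dstport") != str(dstport):
            continue
        counts[(f.get("fwrule"), f.get("initf"), f.get("outitf"))] += 1
    return counts


# Constructed sample input: same field layout as the line in the thread,
# with documentation addresses in place of the masked ones.
_PF = ('2010:07:23-09:39:{sec} 207 ulogd[3266]: id="2001" severity="info" '
       'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
       'fwrule="{rule}" initf="br0" outitf="br0" srcip="192.0.2.10" '
       'dstip="198.51.100.20" proto="6" srcport="{sport}" dstport="{dport}" '
       'tcpflags="SYN"')
SAMPLE = [
    _PF.format(sec="38", rule="50", sport="50024", dport="22"),
    _PF.format(sec="41", rule="50", sport="50024", dport="22"),
    _PF.format(sec="45", rule="7", sport="50101", dport="443"),
    "2010:07:23-09:40:01 207 sshd[4100]: Server listening on 0.0.0.0 port 22.",
]

if __name__ == "__main__":
    for (rule, initf, outitf), n in drops_by_rule(SAMPLE, dstport=22).items():
        print(f"fwrule={rule} {initf}->{outitf}: {n} SSH packets dropped")
```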