Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 631 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

7.200 SSL VPN routing some protected networks fails

Hansi
Intel Core2 2.2 GHz
2GB RAM
Astaro 7.200, software version.
No pre production/stable patches have been used.

After 7.200 upgrade some of the networks fail to be routed through the tunnel (route add).

This Astaro box protects 6 local networks to be routed through the SSL VPN tunnel. But only 3 get routed. Checking the logs it looks like it doesn't even try to route more than 3 networks.

I will open a case at Astaro as well.


This thread was automatically locked due to age.
Parents
  • 0
    Actually this might not be an issue after all. I'm posting the same answer here in this forum as a sent to the Astaro support.


    After a closer look it looks like OpenVPN have joined some of the nets and "resubnetted" them into a larger subnet.

    The nets that are supposed to be routed though the tunnel are the follwing.
    192.168.0.0/24
    192.168.2.0/24
    192.168.4.0/24
    192.168.5.0/24
    192.168.6.0/24
    192.168.7.0/24

    What OpenVPN routes through the tunnel is this (note the size of the last subnet).
    192.168.0.0/24
    192.168.2.0/24
    192.168.4.0/22

    This behavior is however new to 7.200. In 7.104 and versions before that each subnet was routed individually.
    If this is how it supposed to work then you can close this ticket. Everything works ok on the box in question. To be honest I didn't even try if the traffic passed though as it supposed to. I only reacted to the log I saw and misread the line where the larger subnet was routed.
  • 0 in reply to Hansi
    Hi Hansi,

    please refer to following link: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53121

    Here you can find a workaround for this issue.

    ________
    buddy007
  • 0 in reply to buddy007
    Actually, the tread you pointed to was a connection issue. Mine was a tunnel routing issue (which really wasn't an issue since i misread the log files). So I don't think those are related.

    But thanks for trying.
Reply
  • 0 in reply to buddy007
    Actually, the tread you pointed to was a connection issue. Mine was a tunnel routing issue (which really wasn't an issue since i misread the log files). So I don't think those are related.

    But thanks for trying.
Children
Cookie Information Banner