SSL VPN Site-to-Site: only one side works.

Hello guys!

UTM9. I have PPPoE on both sides. The UTMs' SSL VPN connects fine, but only the client side can ping the server side of the VPN. The setup is very simple. I am pulling my hair out over this issue. I already read tons of messages from the list but couldn't find any similar problem. Any ideas will be appreciated. I will post logs on the next thread.


  • Here is the log of the client side.

    2012:09:18-02:56:02 prestech1 openvpn[9358]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    2012:09:18-02:56:02 prestech1 openvpn[9358]: PLUGIN_INIT: POST /usr/lib/openvpn-utm.so '[/usr/lib/openvpn-utm.so] [REF_SslCliLojabenfic]' intercepted=PLUGIN_UP|PLUGIN_DOWN
    2012:09:18-02:56:02 prestech1 openvpn[9358]: LZO compression initialized
    2012:09:18-02:56:02 prestech1 openvpn[9358]: Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
    2012:09:18-02:56:02 prestech1 openvpn[9358]: Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
    2012:09:18-02:56:02 prestech1 openvpn[9358]: Local Options hash (VER=V4): '619088b2'
    2012:09:18-02:56:02 prestech1 openvpn[9358]: Expected Remote Options hash (VER=V4): 'a4f12474'
    2012:09:18-02:56:02 prestech1 openvpn[9358]: Attempting to establish TCP connection with 177.19.150.150:444 [nonblock]
    2012:09:18-02:56:03 prestech1 openvpn[9358]: TCP connection established with 177.19.150.150:444
    2012:09:18-02:56:03 prestech1 openvpn[9358]: Socket Buffers: R=[87380->131072] S=[20440->131072]
    2012:09:18-02:56:03 prestech1 openvpn[9358]: TCPv4_CLIENT link local: [undef]
    2012:09:18-02:56:03 prestech1 openvpn[9358]: TCPv4_CLIENT link remote: 177.19.150.150:444
    2012:09:18-02:56:03 prestech1 openvpn[9358]: TLS: Initial packet from 177.19.150.150:444, sid=c70ca737 8fbbdc3d
    2012:09:18-02:56:03 prestech1 openvpn[9358]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2012:09:18-02:56:03 prestech1 openvpn[9358]: VERIFY OK: 
    2012:09:18-02:56:03 prestech1 openvpn[9358]: VERIFY X509NAME OK: 
    2012:09:18-02:56:03 prestech1 openvpn[9358]: VERIFY OK: 
    2012:09:18-02:56:05 prestech1 openvpn[9358]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2012:09:18-02:56:05 prestech1 openvpn[9358]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2012:09:18-02:56:05 prestech1 openvpn[9358]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    2012:09:18-02:56:05 prestech1 openvpn[9358]: [fw-novanetinfo] Peer Connection Initiated with 177.19.150.150:444
    2012:09:18-02:56:07 prestech1 openvpn[9358]: SENT CONTROL [fw-novanetinfo]: 'PUSH_REQUEST' (status=1)
    2012:09:18-02:56:07 prestech1 openvpn[9358]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,setenv-safe remote_network_1 192.168.150.0/24,setenv-safe local_network_1 192.168.0.0/24,ifconfig 10.242.2.6 10.242.2.5'
    2012:09:18-02:56:07 prestech1 openvpn[9358]: OPTIONS IMPORT: --ifconfig/up options modified
    2012:09:18-02:56:07 prestech1 openvpn[9358]: OPTIONS IMPORT: route options modified
    2012:09:18-02:56:07 prestech1 openvpn[9358]: OPTIONS IMPORT: environment modified
    2012:09:18-02:56:07 prestech1 openvpn[9358]: ROUTE default_gateway=200.222.117.77
    2012:09:18-02:56:07 prestech1 openvpn[9358]: TUN/TAP device tun0 opened
    2012:09:18-02:56:07 prestech1 openvpn[9358]: TUN/TAP TX queue length set to 100
    2012:09:18-02:56:07 prestech1 openvpn[9358]: /bin/ip link set dev tun0 up mtu 1500
    2012:09:18-02:56:07 prestech1 openvpn[9358]: /bin/ip addr add dev tun0 local 10.242.2.6 peer 10.242.2.5
    2012:09:18-02:56:07 prestech1 openvpn[9358]: PLUGIN_CALL: POST /usr/lib/openvpn-utm.so/PLUGIN_UP status=0
    2012:09:18-02:56:07 prestech1 openvpn[9358]: /bin/ip route add 192.168.150.0/24 via 10.242.2.5 dev tun0
    2012:09:18-02:56:07 prestech1 openvpn[9358]: Initialization Sequence Completed