Gargoyle 1.70 VPN issue

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Gargoyle 1.70 VPN issue

Post by gendo »

I think I found a bug with VPN. The VPN connects successfully from the client and the route is added. When I ping the router, which is 192.168.1.254, from the VPN client, it is successful:

Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time=23ms TTL=64
Reply from 192.168.1.254: bytes=32 time=21ms TTL=64

However, if I ping another host (with LAN Subnet Access: Allow clients to access hosts on lan)
[Attachment: image 1.png]
I get the following:

Pinging 192.168.1.253 with 32 bytes of data:
Reply from 10.8.0.1: Destination port unreachable.
Reply from 10.8.0.1: Destination port unreachable.

If I change LAN Subnet Access to "clients cannot access lan"
[Attachment: image 2.png]
I get:

Pinging 192.168.1.253 with 32 bytes of data:
Request timed out.
Request timed out.


In essence, I cannot access any hosts behind the VPN server; I can only access the VPN server (Gargoyle). It seems like there is no route back (or, more probably, traffic is being blocked) from clients behind the VPN server (Gargoyle).

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Post by ispyisail »

Why are you using port 80?

Default is 1194

I also use UDP??

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Post by ispyisail »

In the past I've had problems with OpenVPN (usually when I don't wait long enough for key generation)

In these cases I have to do a failsafe reset

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Re: Gargoyle 1.70 VPN issue

Post by gendo »

Thanks for your feedback, but the VPN connects fine and I can access the Gargoyle VPN host via its internal IP, i.e. 192.168.1.254, perfectly fine from the remote VPN client.

The problem is when accessing other hosts on the network behind the Gargoyle host.

I'm using port 80 since the location from where I access the VPN has only port 80 open. This used to work fine with 1.62.

hsk
Posts: 1
Joined: Thu Dec 18, 2014 11:07 pm

Re: Gargoyle 1.70 VPN issue

Post by hsk »

[Attachment: lan_vpn_forwarding.png]
I've solved the problem by adding these missing lines:

config forwarding 'lan_vpn_forwarding'
        option src 'vpn'
        option dest 'lan'
to /etc/config/firewall manually, and restarting firewall (/etc/init.d/firewall restart).

I'm not sure if this is the cleanest solution, anyway, it works for me.
(Gargoyle 1.7.x with DIR-825 B1 fat)

I'VE TESTED:
Ping from VPN subnet to LAN subnet works. (vice versa)
FTP connect from VPN subnet(Client) to LAN subnet(Server) works.


Hope this helps you and Gargoyle Developers.

Thanks for the wonderful Gargoyle-router Firmware.
(I've migrated from DD-WRT to Gargoyle lately, and Gargoyle is really nice and stable!)
Last edited by hsk on Tue Jan 06, 2015 6:33 am, edited 2 times in total.
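
The workaround above opens forwarding from the vpn zone to the lan zone, so it is worth confirming exactly which inter-zone forwardings a firewall config ends up allowing. The following is an added example, not part of hsk's post or of Gargoyle's own code: a read-only check that lists every `config forwarding` section and tests for a given pair. The function names and the sample config are constructed for illustration; the zone names `vpn` and `lan` are the ones used in the thread.

```shell
#!/bin/sh
# Added example: audit inter-zone forwardings in a UCI firewall config.

# Print "src dest" for every 'config forwarding' section in FILE.
# src/dest options inside other section types (zone, rule, redirect) are ignored.
list_forwardings() {
    # Drop UCI quoting first so 'vpn', "vpn" and vpn all compare equal.
    tr -d "\"'" < "$1" | awk '
        function emit() { if (in_fwd && src != "" && dest != "") print src, dest }
        $1 == "config" { emit(); in_fwd = ($2 == "forwarding"); src = ""; dest = ""; next }
        in_fwd && $1 == "option" && $2 == "src"  { src = $3 }
        in_fwd && $1 == "option" && $2 == "dest" { dest = $3 }
        END { emit() }
    '
}

# Succeed only if FILE contains a forwarding from zone SRC to zone DEST.
has_forwarding() {
    list_forwardings "$1" | grep -qxF -- "$2 $3"
}

# Constructed sample, not a real Gargoyle config.
sample_config() {
    cat <<'EOF'
config zone
        option name 'vpn'
        option input 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding 'lan_vpn_forwarding'
        option src 'vpn'
        option dest 'lan'
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "Forwardings found (src dest):"
list_forwardings "$cfg"
for pair in "vpn lan" "lan vpn" "vpn wan"; do
    set -- $pair
    if has_forwarding "$cfg" "$1" "$2"; then state=allowed; else state="not configured"; fi
    echo "$1 -> $2: $state"
done
rm -f "$cfg"
```

On the router, the same functions can be pointed at /etc/config/firewall; they only read the file and change nothing.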

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Post by ispyisail »

Thanks

hsk

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Re: Gargoyle 1.70 VPN issue

Post by gendo »

Thanks Hsk that fixed it :)

jki
Posts: 12
Joined: Sat Jul 14, 2012 3:00 pm

Re: Gargoyle 1.70 VPN issue

Post by jki »

Issue and workaround confirmed here as well. This used to work in previous releases without such a rule, just checked the saved config.
