Gargoyle 1.70 VPN issue

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Gargoyle 1.70 VPN issue

Postby gendo » Tue Jan 06, 2015 4:25 am

I think I found a bug with VPN. The VPN connects successfully from the client and the route is added. When I ping the router, which is 192.168.1.254, from the VPN client, it is successful:

Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time=23ms TTL=64
Reply from 192.168.1.254: bytes=32 time=21ms TTL=64

However, if I ping another host (with LAN Subnet Access: Allow clients to access hosts on lan)
I get the following:

Pinging 192.168.1.253 with 32 bytes of data:
Reply from 10.8.0.1: Destination port unreachable.
Reply from 10.8.0.1: Destination port unreachable.

If I change LAN Subnet Access to clients cannot access lan
I get:

Pinging 192.168.1.253 with 32 bytes of data:
Request timed out.
Request timed out.


In essence, I cannot access any hosts behind the VPN server; I can only access the VPN server (Gargoyle). It seems like there is no route back (or, more probably, traffic is being blocked) from clients behind the VPN server (Gargoyle).

ispyisail
Moderator
Posts: 4597
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Postby ispyisail » Tue Jan 06, 2015 5:51 am

Why are you using port 80?

Default is 1194

I also use UDP??

ispyisail
Moderator
Posts: 4597
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Postby ispyisail » Tue Jan 06, 2015 5:56 am

In the past I've had problems with OpenVPN (usually when I don't wait long enough for key generation)

In these cases I have to do a failsafe reset

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Re: Gargoyle 1.70 VPN issue

Postby gendo » Tue Jan 06, 2015 6:00 am

Thanks for your feedback, but the VPN connects fine and I can access the Gargoyle VPN host via its internal IP, i.e. 192.168.1.254, perfectly fine from the remote VPN client.

The problem is when accessing other hosts on the network behind the Gargoyle host.

I'm using port 80 since the location from where I access the VPN has only port 80 open. This used to work fine with 1.62.

hsk
Posts: 1
Joined: Thu Dec 18, 2014 11:07 pm

Re: Gargoyle 1.70 VPN issue

Postby hsk » Tue Jan 06, 2015 6:08 am

I've solved the problem by adding these missing lines:

config forwarding 'lan_vpn_forwarding'
        option src 'vpn'
        option dest 'lan'

to /etc/config/firewall manually, and restarting firewall (/etc/init.d/firewall restart).

I'm not sure if this is the cleanest solution, anyway, it works for me.
(Gargoyle 1.7.x with DIR-825 B1 fat)

I'VE TESTED:
Ping from VPN subnet to LAN subnet works. (vice versa)
FTP connect from VPN subnet(Client) to LAN subnet(Server) works.


Hope this helps you and Gargoyle Developers.

Thanks for the wonderful Gargoyle-router Firmware.
(I've migrated from DD-WRT to Gargoyle lately, and Gargoyle is really nice and stable!)
Last edited by hsk on Tue Jan 06, 2015 6:33 am, edited 2 times in total.
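
Added example, not part of hsk's post and not Gargoyle code: a shell check that lists the zone forwardings in a UCI firewall file and reports whether a given pair is present, such as the vpn to lan section the post adds. The sample config, its `wan` zone and `vpn_wan_forwarding` section name, and the function names `list_forwardings` and `has_forwarding` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Gargoyle code: list zone forwardings in a UCI firewall file.

# Print one "src->dest" line per "config forwarding" section in file $1.
# Values may be single-quoted, double-quoted or bare; sections may be unnamed.
list_forwardings() {
    awk -v q="'" '
    function unq(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    function emit() { if (in_fwd && src != "" && dest != "") print src "->" dest }
    $1 == "config" { emit(); in_fwd = (unq($2) == "forwarding"); src = ""; dest = ""; next }
    in_fwd && $1 == "option" && $2 == "src"  { src  = unq($3) }
    in_fwd && $1 == "option" && $2 == "dest" { dest = unq($3) }
    END { emit() }
    ' "$1"
}

# Exit status 0 if file $1 forwards zone $2 to zone $3.
has_forwarding() {
    list_forwardings "$1" | grep -qxF -- "$2->$3"
}

# Constructed sample: a config that lacks the vpn->lan section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config zone
        option name 'lan'

config zone
        option name 'vpn'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding 'vpn_wan_forwarding'
        option src "vpn"
        option dest wan
EOF

for pair in "lan wan" "vpn wan" "vpn lan"; do
    set -- $pair
    if has_forwarding "$sample" "$1" "$2"; then
        echo "$1->$2: allowed"
    else
        echo "$1->$2: no forwarding section"
    fi
done
```

On the router the same check is `has_forwarding /etc/config/firewall vpn lan`. A `forwarding` section permits forwarded traffic from the whole source zone to the whole destination zone, so the listing is worth re-reading after an upgrade or a config restore.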

ispyisail
Moderator
Posts: 4597
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Gargoyle 1.70 VPN issue

Postby ispyisail » Tue Jan 06, 2015 6:16 am

Thanks

hsk

gendo
Posts: 14
Joined: Tue Jan 06, 2015 3:58 am

Re: Gargoyle 1.70 VPN issue

Postby gendo » Tue Jan 06, 2015 6:52 am

Thanks Hsk that fixed it :)

jki
Posts: 8
Joined: Sat Jul 14, 2012 3:00 pm

Re: Gargoyle 1.70 VPN issue

Postby jki » Thu Jan 08, 2015 5:43 am

Issue and workaround confirmed here as well. This used to work in previous releases without such a rule, just checked the saved config.

