Gargoyle 1.70 VPN issue

gendo · Post by **gendo** » Tue Jan 06, 2015 4:25 am

Think i found a bug with vpn. Vpn connects successfully from client and route is added. when i ping router which is 192.168.1.254 from vpn client, it is succesfull

Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time=23ms TTL=64
Reply from 192.168.1.254: bytes=32 time=21ms TTL=64

however if i ping another host (with LAN Subnet Access: Allow clients to access hosts on lan)

: image 1.png (109.81 KiB) Viewed 10414 times

i get the following

Pinging 192.168.1.253 with 32 bytes of data:
Reply from 10.8.0.1: Destination port unreachable.
Reply from 10.8.0.1: Destination port unreachable.

If i change LAN Subnet Access: to clients cannot access lan

: image 2.png (88.63 KiB) Viewed 10414 times

i get

Pinging 192.168.1.253 with 32 bytes of data:
Request timed out.
Request timed out.

in essence i cannot access any hosts behind the vpn server, i can only access the vpn server (gargoyle) seems like there is no route back (or more probably traffic is being blocked) from clients behind vpn server (gargoyle)

Post by **ispyisail** » Tue Jan 06, 2015 5:51 am

why are you using port 80?

default is 1194

I also use UDP??

Post by **ispyisail** » Tue Jan 06, 2015 5:56 am

In the past I've had problems with OpenVPN (usually when I don't wait long enough for key generation)

In theses cases I have to do a failsafe reset

gendo · Post by **gendo** » Tue Jan 06, 2015 6:00 am

Thanks for your feedback, but vpn connects fine and i can access the gargoyle vpn host via it's internal ip i.e. 192.168.1.254 perfectly finefrom the remote vpn client..

teh problem is when accessing other host on the network behind the gargoyle host.

I'm using port 80 since the location from where i access the vpn has only port 80 open.. this used to work fine with 1.62

hsk · Post by **hsk** » Tue Jan 06, 2015 6:08 am

: lan_vpn_forwarding.png (8.17 KiB) Viewed 10398 times

I've solved the problem by adding these missing lines:

Code: Select all

config forwarding 'lan_vpn_forwarding'
        option src 'vpn'
        option dest 'lan'

to /etc/config/firewall manually, and restarting firewall (/etc/init.d/firewall restart).

I'm not sure if this is the cleanest solution, anyway, it works for me.
(Gargoyle 1.7.x with DIR-825 B1 fat)

I'VE TESTED:
Ping from VPN subnet to LAN subnet works. (vice versa)
FTP connect from VPN subnet(Client) to LAN subnet(Server) works.

Hope this helps you and Gargoyle Developers.

Thanks for the wonderful Gargoyle-router Firmware.
(I've migrated from DD-WRT to Gargoyle lately, and Gargoyle is really nice and stable!)

Post by **ispyisail** » Tue Jan 06, 2015 6:16 am

Thanks

hsk

gendo · Post by **gendo** » Tue Jan 06, 2015 6:52 am

Thanks Hsk that fixed it

jki · Post by **jki** » Thu Jan 08, 2015 5:43 am

Issue and workaround confirmed here as well. This used to work in previous releases without such a rule, just checked the saved config.

Gargoyle Forum

Gargoyle 1.70 VPN issue

Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue

Re: Gargoyle 1.70 VPN issue