
IPCop and Net-to-Net VPN

18 years 7 months ago #13242 by Alexey
Replied by Alexey on topic Total reinstall
There are no personal firewalls behind the IPCops.
I am now reinstalling both machines entirely without openvpn and copfilter. The issue could be that I changed the green IP addresses on both sides several times after installation.
I will post the result here a few hours later.
18 years 7 months ago #13244 by DaLight
Good idea. I'm sure you realise that the installation of unsupported (though useful) addons like copfilter can sometimes cause spurious problems. I'll be interested to know how you get on.
18 years 7 months ago #13247 by Alexey
Replied by Alexey on topic Didn't help
I reinstalled the IPCops on both sides; now they both have default settings, no openvpn, no copfilter.
The VPN connection is up, and I can ping both green interfaces from the other side, but no machines inside the network.

The routing tables are the same.
18 years 7 months ago #13249 by DaLight
I'm stumped :?

Facts:
1. The VPN tunnel establishes OK.
2. You have local subnets behind each IPCOP each covering different ranges.
3. You are able to ping the IPCOP1 GREEN IP from the GREEN subnet behind the IPCOP2 and vice versa.
4. The machines behind the IPCOPs do not have personal firewalls that could block the pings.

Two desperate questions:
1. Are the machines behind the respective IPCOPs functioning normally with respect to general internet access e.g. web, email?
2. Can you access the Web Admin GUI of IPCOP1 from a machine on the GREEN subnet behind IPCOP2 and vice versa?
18 years 7 months ago #13250 by Alexey
Replied by Alexey on topic Answers
1. The VPN tunnel establishes OK.
Right.

2. You have local subnets behind each IPCOP each covering different ranges.
Right.
3. You are able to ping the IPCOP1 GREEN IP from the GREEN subnet behind the IPCOP2 and vice versa.
NO!!!
I've just found out that from the 192.168.100.0 network, 172.30.1.253 (IPCop1 green interface) is unreachable.
From the other side only the IPCop is reachable.

4. The machines behind the IPCOPs do not have personal firewalls that could block the pings.
Right

Two desperate questions:
1. Are the machines behind the respective IPCOPs functioning normally with respect to general internet access e.g. web, email?
Yes. There is another gateway on the network, so, they go ok.

2. Can you access the Web Admin GUI of IPCOP1 from a machine on the GREEN subnet behind IPCOP2 and vice versa?
Yes, but from the other side - no.

I found out that the packets going to 192.168.100.0 (IPCop 1 green network) are all unanswered.

So, it seems that the problem is IPCop1.
But it's just clearly reinstalled! What should I check there?
18 years 7 months ago #13277 by DaLight
Hi Alexey, I noticed a couple of inconsistencies in your last post, so I've just put this (pretty sad) sketch together. Can you please confirm that it represents your system before we continue.

[code:1]
               RED IP                                         RED IP
               53.141.108.212                                 92.198.180.108
               GREEN IP                                       GREEN IP
               172.30.1.253                                   192.168.100.253
               GATEWAY                                        GATEWAY
               53.141.108.209     53.141.108.209              92.198.180.1

172.30.1.0 ----| IPCOP 1 |--------|Cisco 1700|----INTERNET----| IPCOP 2 |----192.168.100.0
 network       |         |        |  Router  |                |         |       network
[/code:1]