Post by svenman78 on Mar 24, 2016 17:24:13 GMT
Hi. I am trying to set up L2TP on smallwall. I am able to log in with my user. I have created the L2TP firewall rule from the documentation as well. It seems, however, that the DNS is not working. I am using the DNS forwarder, but I see in the log that port 53 is being blocked on the FW on the L2TP interface, and in the system log I see that the log says network unreachable. I even tried a FW rule on the L2TP interface accepting any on everything....
Any suggestions? I used to use the pptp vpn on smallwall/monowall earlier with no issues.
Thanks, Sven
Post by Lee Sharp on Mar 24, 2016 18:51:14 GMT
Can you show a snapshot of the firewall rule on the l2tp interface?
Post by svenman78 on Mar 24, 2016 22:06:53 GMT
Wonder if this PNG file is readable :-) As I wrote, I have just tried now to create a rule that makes it all open, to see if there was any difference. Sven
Post by Lee Sharp on Mar 24, 2016 22:55:45 GMT
That should work. How is your L2TP scope vs your LAN (or Opt1) scope? And can you try nslookup to your smallwall, and to 8.8.8.8?
Post by svenman78 on Mar 26, 2016 14:07:28 GMT
Ok, not very fluent in network language, but by "network scope" I understand you are asking about how my network is set up. I use smallwall at home, and I connect to L2TP from "outside" so I can access my network at home (printer, PC etc). I can use the internet with my home IP since some TV streaming sites are restricted to be used from my home IP, especially when I am travelling abroad. When I used PPTP, I just created 1 rule on the PPTP interface and it all just worked: I could access my PC at home with RDP via PPTP, I could surf the internet, and when doing "whatsmyip" on a page I would see my home IP. I am trying to do nslookup now, from a client (one of my laptops) connected to the internet via my cellphone used as a wifi hotspot (192.168.43.1), and I have VPNed into my smallwall with L2TP. 192.168.150.1 is my smallwall internal LAN IP.
C:\>nslookup 8.8.8.8
*** Can't find server name for address 192.168.43.1: Non-existent domain
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.150.1: Timed out
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 109.247.114.4: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  192.168.43.1

Name:    google-public-dns-a.google.com
Address:  8.8.8.8
I am not sure what is wrong with the setup, since I have used PPTP without any issues and now the only thing that changes is the PPTP -> L2TP part. I can see I am able to ping my internal IPs when I am logged on via L2TP, but the DNS seems not to want to come through/over to the L2TP interface. Obviously I have altered the FW rule now for the L2TP interface, as I am trying things out to see if there is any difference in regards to the DNS issue I am experiencing.
Thanks for any input.
Post by Lee Sharp on Mar 26, 2016 14:37:47 GMT
Are the IP addresses used for your VPN within the network of your LAN? What is the LAN address and scope? What is the VPN server address and range? Can you ping the VPN server address?
Post by svenman78 on Mar 26, 2016 15:06:45 GMT
LAN is 192.168.150.1/24, L2TP is 192.168.50.1/28.
I see now I am not able to ping my L2TP server IP 192.168.50.1. I guess I should be able to do this? I am not able to ping the LAN IP either; I guess I should be able to do this as well. What the heck, now I am getting confused, since I am getting an IP from the L2TP, 192.168.50.128.
The FW log entries look like this:
(blocking icon) 16:02:11.336087 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:02:05.846869 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:02:00.302651 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:01:54.885585 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
I have the FW rule on my LAN interface saying: * LAN net * * * Default LAN -> any, which is what it comes with as default, I guess.
I am able to ping my FreeNAS on my LAN though, but I cannot access my FreeNAS using its servername/domainname.
Post by svenman78 on Mar 26, 2016 17:10:45 GMT
Lee, got it to work now. I looked again at the documentation, changed the IPs on the L2TP interface to the same subnet as my LAN, and now it seems to be better. I can ping the L2TP server IP now, and I can surf the web as I want to be able to as well. We'll close this thread. Thanks, Sven
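The two symptoms in the thread (blocked ICMP echo replies on the L2TP interface, and an L2TP address pool in a different subnet from the LAN) can be checked mechanically. The script below is an added example, not part of the original posts or of smallwall itself: it parses blocked-traffic lines in the format quoted above, counts blocked echo replies on the VPN interface, and tests whether the VPN server and client addresses fall inside the LAN scope. The sample log lines are constructed from the thread, and the "fixed" pool address 192.168.150.200 is an assumed value, not one the poster gave.

```python
import ipaddress
import re

# Constructed sample lines, modelled on the smallwall log format quoted in the thread.
SAMPLE_LOG = """\
(blocking icon) 16:02:11.336087 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:02:05.846869 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:02:00.302651 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
(blocking icon) 16:01:54.885585 L2TP 192.168.150.1 192.168.50.128, type echoreply/0 ICMP
"""

# One blocked-traffic line: marker, timestamp, interface, source, destination, ICMP type, protocol.
LOG_RE = re.compile(
    r"^\(blocking icon\)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+)\s+(?P<dst>[\d.]+),\s+type\s+(?P<icmp_type>\S+)\s+(?P<proto>\S+)$"
)


def parse_blocked_entries(log_text):
    """Turn blocked-traffic log lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def blocked_echo_replies(entries, iface):
    """Blocked ICMP echo replies on `iface`: the return half of pings that did go out."""
    return [
        e for e in entries
        if e["iface"] == iface and e["proto"] == "ICMP" and e["icmp_type"].startswith("echoreply")
    ]


def scope_check(lan_cidr, vpn_server, vpn_client):
    """Report whether the VPN server and a VPN client address sit inside the LAN network."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)  # "192.168.150.1/24" -> 192.168.150.0/24
    return {
        "lan_network": str(lan),
        "vpn_server_in_lan": ipaddress.ip_address(vpn_server) in lan,
        "vpn_client_in_lan": ipaddress.ip_address(vpn_client) in lan,
    }


def diagnose(lan_cidr, vpn_server, vpn_client, log_text, iface="L2TP"):
    """Combine the log and scope checks into one set of findings for the VPN interface."""
    replies = blocked_echo_replies(parse_blocked_entries(log_text), iface)
    result = scope_check(lan_cidr, vpn_server, vpn_client)
    result["blocked_echo_replies"] = len(replies)
    findings = []
    if replies:
        findings.append(f"{len(replies)} ICMP echo replies blocked on {iface}: "
                        f"return traffic to the VPN client is not being passed")
    if not result["vpn_client_in_lan"]:
        findings.append(f"VPN client {vpn_client} is outside {result['lan_network']}; "
                        f"LAN hosts need a route (or the pool must be moved into the LAN scope)")
    result["findings"] = findings
    return result


if __name__ == "__main__":
    # The configuration from the thread: LAN 192.168.150.1/24, L2TP server 192.168.50.1, client .128.
    broken = diagnose("192.168.150.1/24", "192.168.50.1", "192.168.50.128", SAMPLE_LOG)
    for f in broken["findings"]:
        print("finding:", f)
    # After the fix described in the thread, with an assumed in-LAN pool address.
    fixed = diagnose("192.168.150.1/24", "192.168.150.1", "192.168.150.200", "")
    print("after fix, findings:", fixed["findings"])
```

Running it against the thread's own numbers yields two findings (four blocked echo replies, client outside the LAN scope); with the pool moved into 192.168.150.0/24 and an empty log, it yields none. The same parser can be pointed at a saved copy of the firewall log to confirm that blocked return traffic has stopped after a rule or scope change.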
Post by Lee Sharp on Mar 26, 2016 19:23:53 GMT
That was it. Once I saw your post above, I knew what the problem was... But I guess you found it also when I gave you the hint! Good job! Solving something like this is a bigger rush to me than killing some video game level boss. But I am weird...