pimiento n00b
Joined: 09 Dec 2017 Posts: 22
Posted: Mon Oct 21, 2024 6:10 am Post subject: OpenFortiVPN doesn't work
Here is my configuration:
- 192.168.1.4 — PC (Gentoo)
- 192.168.1.221 — Laptop (Ubuntu)
- 1.2.3.4 — VPN server (fortinet)
- 10.222.134.15 — GIT under VPN (I can ping it when I run ofvpn on the Laptop)
When I connect to the fortinet using the Laptop it works well (I can ping GIT, I can resolve hostnames in the VPN).
When I connect to it using Gentoo it connects, but nothing pings and no hostnames are resolved.
Code: |
INFO: Connected to gateway.
INFO: Authenticated.
INFO: Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
INFO: Got addresses: [172.18.16.125], ns [10.206.185.123, 10.89.58.17]
INFO: Negotiation complete.
local IP address 172.18.16.125
remote IP address 1.2.3.4
INFO: Interface ppp0 is UP.
INFO: Adding VPN nameservers...
INFO: Tunnel is up and running.
|
I did /etc/init.d/iptables stop on the PC and all chains are in ACCEPT status now, but still no pings. Both the PC and the Laptop are in the same network (so the router isn't the reason for the problem).
I even rebooted into an Ubuntu Live CD on my PC and OpenFortinetVPN works well with the same config (and the same certificates).
Here are my routes (I'm using the same /etc/ppp/ip-up.d/60-openfortivpn.sh for both the PC and the Laptop, and even for the Ubuntu Live CD).
PC:
Code: |
$ ip r
default via 192.168.1.1 dev enp4s0
10.0.0.0/8 dev ppp0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-730fb7f523fa proto kernel scope link src 172.18.0.1
1.2.3.4 dev ppp0 proto kernel scope link src 172.18.16.125
192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4
|
Laptop:
Code: |
$ ip r
default via 192.168.1.1 dev wlp0s20f3 proto dhcp src 192.168.1.221 metric 600
10.0.0.0/8 dev ppp0 scope link
169.254.2.1 dev ppp0 proto kernel scope link src 172.18.16.125
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.1.221 metric 600
|
I even found another laptop with Gentoo on board and openfortivpn doesn't work there either. It looks like Gentoo has some tricks that don't allow openfortivpn to work as it should.
UPD: while writing this post I found that the PC and the Laptop got different remote IP addresses even though they have the same config with the same host = 1.2.3.4
UPD.1: there is a bug with pppd, https://github.com/adrienverge/openfortivpn/issues/1177, so the question now is how to enable legacy pppd in net-dialup/ppp?
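An added example, not part of the original post: the two `ip r` tables above differ in how the VPN gateway address itself is routed. This sketch does a longest-prefix lookup over each table and reports when traffic to the gateway 1.2.3.4 would leave through ppp0, that is, when the tunnel's own transport would be sent into the tunnel. The function names are hypothetical, and the lookup assumes a single routing table with no metrics or policy rules.

```python
import ipaddress

# `ip r` output copied from the post above.
PC_ROUTES = """\
default via 192.168.1.1 dev enp4s0
10.0.0.0/8 dev ppp0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-730fb7f523fa proto kernel scope link src 172.18.0.1
1.2.3.4 dev ppp0 proto kernel scope link src 172.18.16.125
192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.4
"""
LAPTOP_ROUTES = """\
default via 192.168.1.1 dev wlp0s20f3 proto dhcp src 192.168.1.221 metric 600
10.0.0.0/8 dev ppp0 scope link
169.254.2.1 dev ppp0 proto kernel scope link src 172.18.16.125
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.1.221 metric 600
"""

def parse_routes(text):
    """Return (network, device) pairs; metrics and policy routing are ignored."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(prefix), fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match: the device the kernel would pick for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def gateway_routed_into_tunnel(route_text, gateway, tunnel="ppp0"):
    """True when packets to the VPN gateway itself would leave via the tunnel."""
    return egress_dev(parse_routes(route_text), gateway) == tunnel

if __name__ == "__main__":
    for name, table in (("PC", PC_ROUTES), ("Laptop", LAPTOP_ROUTES)):
        print(name, "gateway via tunnel:", gateway_routed_into_tunnel(table, "1.2.3.4"))
```

On a live system the same check can be made directly with `ip route get 1.2.3.4` while the tunnel is up.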