modify firewall #1203

Open
denissanga opened this issue Mar 5, 2024 · 3 comments

@denissanga

Hi, I have a GLinet with OpenWrt installed and I added openfortivpn.

I can connect to the FortiGate successfully with the terminal command `openfortivpn -c ./config`

Then I have a FortiGate, and when I'm connected to the FortiGate LAN I would like to reach the devices connected to the GLinet remotely. Is it possible?

for example I have:

  1. fortigate 60F
  2. router -> GLinet (IP 192.168.1.10 DHCP 192.168.5.xxx) with openfortivpn -> device PC 192.168.5.10
    -> device NAS static ip 10.0.0.10
    -> device PLC static ip 20.0.0.10
    -> PC 192.168.1.11

When I'm connected to the FortiGate LAN I would like to remotely reach the devices connected to the GLinet: 192.168.5.10, 10.0.0.10, 20.0.0.10, 192.168.1.11

Is it possible?
Many thanks in advance.

@denissanga denissanga changed the title modify firwall modify firewall Mar 5, 2024
@DimitriPapadopoulos
Collaborator

DimitriPapadopoulos commented Mar 5, 2024

I have no clue what GL.iNet is, but I think it is irrelevant here because it is just a piece of hardware running OpenWrt.

To answer your question, openfortivpn does what the Fortigate asks it to do. Often, corporate VPN servers want all network traffic to be redirected through the tunnel, which means your LAN is not accessible while the VPN is running. Therefore you need to modify this default behaviour. See for example How to add specific routes using pppd.

By the way, I suspect this has nothing to do with firewalls, just routing.

@denissanga
Author

denissanga commented Mar 6, 2024

Many, many thanks for your help.
I have just one more question.

I connected my GLinet OpenWrt with openfortivpn and it connects for a few seconds and then I get: Unknown error

Wed Mar  6 10:02:59 2024 daemon.err openfortivpn[22569]: pppd: Terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
Wed Mar  6 10:02:59 2024 daemon.info openfortivpn[22569]: Terminated pppd.
Wed Mar  6 10:02:59 2024 daemon.info openfortivpn[22569]: Closed connection to gateway.
Wed Mar  6 10:02:59 2024 daemon.warn openfortivpn[22569]: getsockopt: SO_SNDBUF: Protocol not available
Wed Mar  6 10:02:59 2024 daemon.warn openfortivpn[22569]: getsockopt: SO_RCVBUF: Protocol not available
Wed Mar  6 10:03:01 2024 daemon.info openfortivpn[22569]: Logged out.
Wed Mar  6 10:03:01 2024 daemon.notice netifd: openfortivpn (22562): VPN account password:
Wed Mar  6 10:03:02 2024 user.notice mwan3[24259]: Execute ifdown event on interface openfortivpn (unknown)
Wed Mar  6 10:03:02 2024 daemon.notice netifd: Interface 'openfortivpn' is now down
Wed Mar  6 10:03:11 2024 user.notice firewall: Reloading firewall due to ifdown of openfortivpn ()

Can you help me understand why it disconnects?
The first line of the log is: Wed Mar 6 10:02:59 2024 daemon.err openfortivpn[22569]: pppd: Terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal

@DimitriPapadopoulos
Collaborator

Please run openfortivpn from the command line if you want help, not as a daemon.

https://github.com/adrienverge/openfortivpn/wiki#reporting-issues
