Messages

1

Virtual private networks / IPSec problem - establishing IKE_SA failed, peer not responding

« on: October 07, 2024, 12:07:28 am »

I got the configuration of the connection to the main office of the company via ipsec. I configured phase 1 and phase 2 but in the logs I see that I can't connect. No response from the remote server. I have created firewall rules, I don't know if they are ok. But I'm afraid that my gateway is blocking something.

2

24.7 Production Series / Re: I need help with firewall rules for IPSec connections

« on: October 04, 2024, 07:47:00 am »

Are you asking about the remote gateway window in forticlient console? I tried by IP and domain name.

3

24.7 Production Series / I need help with firewall rules for IPSec connections

« on: October 03, 2024, 11:31:41 pm »

Hi,

1. I have a dozen or so computers that connect from the LAN to another location using Forti Client. Run on their computers. Typical road warrior. But for a few days now there's been a problem with this (after changing the Internet provider). It doesn't work on the new one. When I switch to the old provider, it works without a problem. My rules aren't even needed.

2. I decided to create rules. Are my sample rules good? Why can only the first computer on the list connect after enabling the rules? (192.168.200.134) and the next one can't? By default, the exit to the world from the LAN is enabled without restrictions, right? Do I need rules allowing entry to my gateway to establish such a connection? Maybe my rules are unnecessary?

2. And do I have to restart the entire gateway for each added rule or modification?

3. How can I check in the logs whether a given rule worked and what it returned?

Thank you very much in advance for your answers

4

24.7 Production Series / Re: Openvpn multiple remote routers - how to connect

« on: September 27, 2024, 11:23:00 am »

my conf on server site

192.168.200.0/24 its network in my head office

192.168.1.0/24 its a network in my remote "office".

as a reminder. Remote hosts is a routers with GSM and dynamic IP. I can't treat them as S2S connections but roadwarrior. Right?

5

24.7 Production Series / Re: Openvpn multiple remote routers - how to connect

« on: September 27, 2024, 01:14:14 am »

When I enter 192.168.1.0/24 in the "remote network" field and start a tunnel on Teltonika, the computer connected to it has no access to the Internet. There is access to network resources in the main office. If I remove this entry, the Internet works correctly. Do I need any additional rules for the firewall?

edit:
it didn't work because when creating a vpn server, a gateway is also created automatically (I don't know why). I turned it off and it started.

6

24.7 Production Series / Re: Openvpn multiple remote routers - how to connect

« on: September 26, 2024, 11:33:39 pm »

Thank you for your answer. Should I enter the address of my local network of the main office (192.168.200.0/24) in the "local network" field and the address of the network on the remote routers (192.168.1.0/24) in the "remote network" field? Each of these remote routers has the same local network. Will this work?

edit:

the connection method between the main office is rather road warrior than S2S. Remote routers have dynamic external addresses (GSM cards)

7

24.7 Production Series / Openvpn multiple remote routers - how to connect

« on: September 26, 2024, 10:45:09 pm »

Hello, I am asking for advice

I need to connect several remote offices using openvpn. Each office has a teltonika with a local network 192.168.1.0/24. What is the best way to connect these offices to my server? Creating one openvpn server with one tunnel address, e.g. 192.168.205.0/24 and each teltonika will be a client, or creating as many openvpn servers with different tunnel address, e.g. 192.168.205.0/24 (teltonika 1), 192.168.206.0/24 (teltonika 2), etc.? For this I would have to create as many interfaces as there are teltonikas