ID | Project | Category | View Status | Date Submitted | Last Update
0001046 | ClearOS | app-firewall - Firewall | public | 2013-03-20 15:46 | 2013-04-22 10:23
Reporter | dloper
Assigned To | dloper
Priority | low | Severity | minor | Reproducibility | have not tried
Status | closed | Resolution | won't fix
Platform | OS | OS Version
Product Version | 6.3.0
Target Version | Fixed in Version
Summary | 0001046: OpenVPN tunnel works for clients behind firewall unless they are included in 1:1 NAT
Description | When an OpenVPN site-to-site tunnel is configured, workstations can access servers on the other side of the tunnel, except when a 1:1 NAT rule is applied to that particular workstation.
Tags | No tags attached.
Attached Files
Notes
(0000761) dloper (administrator) 2013-03-22 15:59
This is also the case for ClearOS 5.x: when hosts are part of the network and are assigned to 1:1, they are unable to reach hosts in the TUN network. What is happening here is that the source packet is being NATed to the address in the 1:1 NAT, such that the host in the tunnel receives the packet with the public IP address represented in 1:1 instead of the internal IP as the respond-to address. The host then replies, but NOT in the tunnel, and the packet is received by the 1:1 alias address and is dropped because of a state violation.
(0000762) user2 2013-03-22 20:40
The firewall has some special rules to handle NAT policies for IPsec VPN. These same rules likely need to be applied to OpenVPN tunnels as well.
(0000805) dloper (administrator) 2013-04-22 10:22
This bug is deprecated by this one extended report: http://tracker.clearfoundation.com/view.php?id=1108
(0000806) dloper (administrator) 2013-04-22 10:23
Deprecated and moved to: http://tracker.clearfoundation.com/view.php?id=1108
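An added example, not ClearOS code and not part of the notes above: a check over `iptables-save -t nat` output that lists SNAT rules a packet leaving through the tunnel interface would still hit, which is the condition note 0000761 describes, and that treats an earlier `-o tun+ -j ACCEPT` rule as the kind of exemption note 0000762 suggests. The sample rulesets, addresses, the interface name `tun0` and all function names are constructed assumptions.

```python
import shlex

# Constructed `iptables-save -t nat` samples; addresses and interface names
# are placeholders, not rules taken from ClearOS or from the issue.
SNAT_ONLY = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.50/32 -j SNAT --to-source 203.0.113.50
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# Same ruleset with a tunnel exemption placed ahead of the 1:1 rule.
WITH_EXEMPTION = SNAT_ONLY.replace(
    "-A POSTROUTING -s", "-A POSTROUTING -o tun+ -j ACCEPT\n-A POSTROUTING -s")

def parse_rule(line):
    """Extract the match options this check cares about from one -A line."""
    tok = shlex.split(line)
    rule = {"out": None, "src": None, "target": None, "to": None,
            "bare": len(tok) == 6}  # exactly: -A CHAIN -o IFACE -j TARGET
    names = {"-o": "out", "-s": "src", "-j": "target", "--to-source": "to"}
    for i, t in enumerate(tok[:-1]):
        if t in names:
            rule[names[t]] = tok[i + 1]
    return rule

def iface_matches(pattern, iface):
    """iptables -o semantics: no -o matches any interface, 'tun+' is a prefix."""
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def snat_hits_tunnel(ruleset, tun_iface="tun0"):
    """List (source, to-source) of SNAT rules a packet leaving tun_iface hits."""
    # Narrow check: POSTROUTING only; negated ('!') matches are not interpreted.
    findings, exempt = [], False
    for line in ruleset.splitlines():
        if not line.startswith("-A POSTROUTING "):
            continue
        r = parse_rule(line)
        if (r["target"] in ("ACCEPT", "RETURN") and r["bare"] and r["out"]
                and iface_matches(r["out"], tun_iface)):
            exempt = True  # tunnel-bound packets leave the chain un-NATed
        elif (r["target"] == "SNAT" and not exempt
                and iface_matches(r["out"], tun_iface)):
            findings.append((r["src"], r["to"]))
    return findings
```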
Issue History
Date Modified | Username | Field | Change |
2013-03-20 15:46 | dloper | New Issue | |
2013-03-22 15:59 | dloper | Note Added: 0000761 | |
2013-03-22 20:37 | user2 | Project | ClearCenter => ClearOS |
2013-03-22 20:37 | user2 | Category | clearos-release-professional => General |
2013-03-22 20:37 | user2 | Status | new => confirmed |
2013-03-22 20:37 | user2 | Category | General => app-firewall - Firewall |
2013-03-22 20:37 | user2 | Target Version | 6.3.0 => |
2013-03-22 20:40 | user2 | Note Added: 0000762 | |
2013-04-22 10:22 | dloper | Note Added: 0000805 | |
2013-04-22 10:22 | dloper | Assigned To | => dloper |
2013-04-22 10:22 | dloper | Status | confirmed => assigned |
2013-04-22 10:23 | dloper | Note Added: 0000806 | |
2013-04-22 10:23 | dloper | Status | assigned => closed |
2013-04-22 10:23 | dloper | Resolution | open => won't fix |