adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services

modify firewall

denissanga opened this issue

Hi, I have a GLinet with OpenWrt installed and I added openfortivpn.

I can connect to the fortigate successfully with the terminal command openfortivpn -c ./config

Then I have a fortigate, and when I'm connected to the fortigate LAN I would like to reach the devices connected to the GLinet remotely. Is it possible?

for example I have:

  1. fortigate 60F
  2. router -> GLinet (IP 192.168.1.10 DHCP 192.168.5.xxx) with openfortivpn -> device PC 192.168.5.10
    -> device NAS static ip 10.0.0.10
    -> device PLC static ip 20.0.0.10
    -> PC 192.168.1.11

When I'm connected to the fortigate LAN I would like to reach remotely the devices connected to the GLinet: 192.168.5.10, 10.0.0.10, 20.0.0.10, 192.168.1.11

Is it possible?
Many thanks in advance.

I have no clue what GL.iNet is, but I think it is irrelevant here because it is just a piece of hardware running OpenWrt.

To answer your question, openfortivpn does what the Fortigate asks it to do. Often, corporate VPN servers want all network traffic to be redirected through the tunnel, which means your LAN is not accessible while the VPN is running. Therefore you need to modify this default behaviour. See for example How to add specific routes using pppd.

By the way, I suspect this has nothing to do with firewalls, just routing.

Many many thanks for your help.
I have just one more question.

I connected my GLinet OpenWrt with openfortivpn and it connects for a few seconds and then I obtain: Unknown error

Wed Mar  6 10:02:59 2024 daemon.err openfortivpn[22569]: pppd: Terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
Wed Mar  6 10:02:59 2024 daemon.info openfortivpn[22569]: Terminated pppd.
Wed Mar  6 10:02:59 2024 daemon.info openfortivpn[22569]: Closed connection to gateway.
Wed Mar  6 10:02:59 2024 daemon.warn openfortivpn[22569]: getsockopt: SO_SNDBUF: Protocol not available
Wed Mar  6 10:02:59 2024 daemon.warn openfortivpn[22569]: getsockopt: SO_RCVBUF: Protocol not available
Wed Mar  6 10:03:01 2024 daemon.info openfortivpn[22569]: Logged out.
Wed Mar  6 10:03:01 2024 daemon.notice netifd: openfortivpn (22562): VPN account password:
Wed Mar  6 10:03:02 2024 user.notice mwan3[24259]: Execute ifdown event on interface openfortivpn (unknown)
Wed Mar  6 10:03:02 2024 daemon.notice netifd: Interface 'openfortivpn' is now down
Wed Mar  6 10:03:11 2024 user.notice firewall: Reloading firewall due to ifdown of openfortivpn ()

Can you help me understand why it disconnects?
The first line of the log is: Wed Mar 6 10:02:59 2024 daemon.err openfortivpn[22569]: pppd: Terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal

Please run openfortivpn from the command line if you want help, not as a daemon.

https://github.com/adrienverge/openfortivpn/wiki#reporting-issues