Site to Site after OPNsense 17.7.9 does not route the traffic

[Julien]

Dear all,
Today i have updated two hardware OPNsense to the latest version.
OPNsense 17.7.9_9-amd64
however after the update i noticed the site to site VPN seems not to route the traffic from the Client to the server

Server= 192.168.4.1
Client = 10.10.20.3

From the server i can connect to the client 10.10.20.3 on the other side of the country however from the client i can't ping or connect to the server.
when i trace route the traffic from the client to the server its comes back with time out.

Code: [Select]

C:\>tracert 192.168.4.1

Tracing route to 192.168.4.1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
Can someone please help to point me to the right direction ?

Thank you
  4     *

[franco]

Hi Julien,

For a marginally useful assessment we need to know the version you upgraded from where this was working ok?


Cheers,
Franco

[mimugmail]

With 17.7.9 (without _9) it had a similar problem. I disabled automatic ping host in P2 and then it was working .. but this should already be fixed

[Julien]

Hi Julien,

For a marginally useful assessment we need to know the version you upgraded from where this was working ok?


Cheers,
Franco

Hi Franco,
the previously version is the one before 17,7,9 we keep our firewall always updated so I believe it was 17,7,8


Thank you

mimugmail  the ping is not working and also we can't conenct or rdp the machines on the server side.
thank you

[mimugmail]

No, I meant if you have this feature active the tunnel doesn't work .. so removing anything in that line did the trick for me

[Julien]

No, I meant if you have this feature active the tunnel doesn't work .. so removing anything in that line did the trick for me

Thank you mate, i dont have this really , from the server i can connect to the client and from the client not the server, i beleive the tunnel is both sides up only from the clients its not routing back to the server.

[Julien]

Can someone please advise as we need this tunnel up ?
firewall rules check no block from the client on the server firewall.
we have the same tunnels created with other office and it does works,
we noticed the only different between those two offices is this one using multi WAN and also we have some floating rules to allow the access to the gui over the multiple VLANS.

Can someone please advice where to look?

[mimugmail]

Do you use gateway rules? Try to disable multi WAN to find the error

[Julien]

Do you use gateway rules? Try to disable multi WAN to find the error

Thank you for your answer,
what do you mean with Gateway rules? where I am supposed to check this ?

[mimugmail]

In Firewall rules set a gateway option .. like in the multi wan howto?

[Julien]

In Firewall rules set a gateway option .. like in the multi wan howto?

Thank you for your answer
just checked it and its not enabled,
i have disabled the multi WAN but still can't access the server side from the client side.
i really can't see any logs in the firewall !