[solved] route issue on connections over site 2 site vpn

Started by greY, February 12, 2019, 10:16:40 PM

Hi
I have users connected over an IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?


Reverse Proxy runs on OPNsense.
The infrastructure looks like this:
site A                                site B
|OPNsense|                            |Unifi USG|
|        |-------IPSEC tunnel---------|         |
|HAproxy |                            |         |
    |
    |
WEB Services


Thanks, but could you please describe a bit more exactly what to do? ;)

In Phase 2, add your WAN address as the local network with /32, and the other LAN as remote.

The issue was that haproxy was only listening to 127.0.0.1:port. I added the local router IP:port and everything works.
Anyways, thanks for helping.
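
The fix in the last post came down to which address the HAProxy frontend binds to. As an added example (not from the thread or from OPNsense), this Python sketch parses HAProxy `bind` lines and classifies each frontend as loopback, specific address or wildcard, so loopback-only frontends (unreachable for VPN clients) and wildcard binds (listening on every interface, WAN included) both stand out. The sample config, section names and addresses are constructed, and only plain address:port bind forms are assumed.

```python
import ipaddress

# Constructed sample config (not from the thread); names and addresses are placeholders.
SAMPLE_CFG = """\
frontend web_local
    bind 127.0.0.1:8443          # loopback only: VPN clients cannot reach it
    default_backend web
frontend web_lan
    bind 127.0.0.1:8080,192.168.1.1:8080 ssl
    default_backend web
listen stats
    bind *:9000                  # wildcard: listens on every interface
backend web
    server s1 10.0.0.10:80
"""

SECTIONS = ("global", "defaults", "frontend", "listen", "backend",
            "userlist", "peers", "resolvers")

def classify(addr):
    """Return 'wildcard', 'loopback' or 'specific' for one bind address."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    if host in ("", "*", "0.0.0.0", "::"):
        return "wildcard"
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"
    except ValueError:
        return "specific"  # assumption: any other hostname is non-loopback

def audit_binds(cfg_text):
    """Map each frontend/listen section name to the set of bind classes it uses."""
    result, current = {}, None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            is_listener = tokens[0] in ("frontend", "listen") and len(tokens) > 1
            current = tokens[1] if is_listener else None
            if current:
                result[current] = set()
        elif tokens[0] == "bind" and current and len(tokens) > 1:
            for addr in tokens[1].split(","):
                if not addr.startswith(("/", "unix@")):  # skip UNIX sockets
                    result[current].add(classify(addr))
    return result

def loopback_only(cfg_text):
    """Names of sections whose binds are all loopback."""
    return sorted(n for n, k in audit_binds(cfg_text).items() if k == {"loopback"})
```

Run `loopback_only()` on the text of the generated HAProxy configuration; comparing the result with the listening sockets the host actually reports confirms the running process matches the file.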