OPNsense Forum

English Forums => General Discussion => Topic started by: greY on February 12, 2019, 10:16:40 pm

Title: [solved] route issue on connections over site 2 site vpn
Post by: greY on February 12, 2019, 10:16:40 pm
Hi
I have users connected over an IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 13, 2019, 05:34:57 am
Reverse Proxy runs on the same device as IPSec peer?
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 13, 2019, 07:30:16 pm
Reverse Proxy runs on OPNsense.
The infrastructure looks like this:
  site A                            site B
|OPNsense|                       |Unifi USG|
|        |-----IPSEC tunnel------|         |
|HAproxy |                       |         |
    |
    |
WEB Services
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 13, 2019, 07:48:31 pm
Then you have to add your WAN/32 to IPSec SA
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 13, 2019, 09:07:16 pm
Thanks, but please could you describe a bit more exactly what to do ? ;)
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 14, 2019, 05:55:55 pm
In Phase2 add local net your WAN address as network with /32 and remote the other LAN
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 15, 2019, 09:38:09 pm
The issue was that haproxy was only listening to 127.0.0.1:port, I added the local router IP:port and everything works.
Anyways, thanks for helping.
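
A way to check for the cause reported in the last post, as an added example that is not part of the thread: this Python sketch lists the HAProxy frontend/listen sections whose bind addresses are all loopback, which clients arriving over the tunnel cannot reach. The sample configuration, its section names, addresses and ports are constructed for illustration.

```python
import ipaddress

# Constructed sample haproxy.cfg; names, addresses and ports are illustrative.
SAMPLE_CFG = """\
frontend web_local
    bind 127.0.0.1:8443

frontend web_lan
    bind 127.0.0.1:8080,192.168.1.1:8080

listen stats
    bind *:9000   # wildcard: all local addresses

backend web
    server s1 10.0.0.10:80
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen",
            "userlist", "peers", "resolvers"}

def is_loopback(bind_addr):
    """True if a bind address like '127.0.0.1:80' or '[::1]:80' is loopback."""
    host = bind_addr.rsplit(":", 1)[0].strip("[]")
    if host in ("", "*"):          # ':80' and '*:80' listen on every address
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:             # hostname, socket path, etc.
        return host == "localhost"

def loopback_only_sections(cfg_text):
    """Names of frontend/listen sections whose binds are all loopback."""
    binds, current = {}, None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            listens = tokens[0] in ("frontend", "listen") and len(tokens) > 1
            current = tokens[1] if listens else None
            if current:
                binds[current] = []
        elif tokens[0] == "bind" and current and len(tokens) > 1:
            binds[current].extend(tokens[1].split(","))
    return [n for n, addrs in binds.items()
            if addrs and all(is_loopback(a) for a in addrs)]

if __name__ == "__main__":
    print(loopback_only_sections(SAMPLE_CFG))
```

Binds written with an address-family prefix or a hostname other than `localhost` are treated as non-loopback here, so they need a manual look.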