
Second OpenVPN will not work


LastMohawk:
I have one OPNsense that works fine:
192.168.1.254 (LAN)
OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w
RDP works fine.

For migration I installed a second OPNsense in parallel to the first one with the latest updates:
192.168.1.253 (LAN)
OPNsense 24.1.5_2-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

I'm able to connect to both via VPN from outside, and I'm also able to connect to the web GUI. The configurations match (checked very often), but I'm not able to ping a system in the LAN via VPN from outside with the new OPNsense (253) - see attachment, a simplified network diagram. So it is impossible to connect to any PC in the LAN via RDP.
I am becoming desperate with the updated system, so I am afraid to update all the other OPNsense systems.
Is there something important to know about the version 24?

FraLem:
Hi,
I would suggest verifying the firewall configuration on the new system as well as the routing table on the LAN devices.
Hope this helps
Rgds

LastMohawk:
Hi,
All adjustments are equal except for the IP addresses. Routing tables also. There is one thing that is very strange:
I log in via VPN on the old OPNsense. I can reach all systems in the LAN behind the OPNsense except the new firewall. A ping to 192.168.1.253 gets no answer.
I will build a test environment at home with the same constellation. I'm very curious about it.

LastMohawk:
After playing with a test environment I conclude that this won't work.
Both OPNsense systems worked in single mode, but together only one system is usable.
I found out that the reason was the gateway address used in the LAN. The gateway pointed to one of the OPNsense systems. So a ping via VPN through this system got an answer, a ping through the other system got no answer. After changing the gateway address to the other OPNsense the function changed to the other system. I set two gateway addresses in the LAN but without any result - Windows decided by itself which gateway address will be used.
Is there a way to get both systems working?

FraLem:
If I get it right, your goal is to set both devices in HA mode.
Should this be the case, you are missing some of the configuration; take a look at https://docs.opnsense.org/manual/hacarp.html.

Regards
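
The return-path behaviour found in this thread, as an added example that is not part of any post: a longest-prefix-match lookup over a LAN host's routing table shows which firewall a reply to a VPN client leaves through. The two tunnel networks, the client address and the third routing table (a more specific route, which nobody in the thread proposed) are assumptions; only the two LAN addresses come from the thread, and routed OpenVPN without NAT towards the LAN is assumed.

```python
import ipaddress

OLD_FW = "192.168.1.254"   # from the thread
NEW_FW = "192.168.1.253"   # from the thread
# Assumed tunnel networks; the thread does not state them.
TUNNELS = {OLD_FW: "10.8.0.0/24", NEW_FW: "10.9.0.0/24"}

def next_hop(routes, dst):
    """Longest-prefix match: gateway a host uses for dst (None = on-link)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def return_path_report(routes):
    """Map each firewall to (gateway used for replies to its VPN clients, symmetric?)."""
    report = {}
    for fw, tunnel in TUNNELS.items():
        client = ipaddress.ip_network(tunnel)[6]   # constructed VPN client address
        hop = next_hop(routes, client)
        # The reply only gets back into the tunnel if it returns to the
        # firewall that terminates that tunnel.
        report[fw] = (hop, hop == fw)
    return report

# Constructed routing tables of one LAN host.
GW_OLD = [("192.168.1.0/24", None), ("0.0.0.0/0", OLD_FW)]   # default gateway = old firewall
GW_NEW = [("192.168.1.0/24", None), ("0.0.0.0/0", NEW_FW)]   # default gateway = new firewall
# Default gateway stays on the old firewall, plus a more specific route
# for the new firewall's (assumed) tunnel network.
WITH_ROUTE = GW_OLD + [(TUNNELS[NEW_FW], NEW_FW)]

if __name__ == "__main__":
    for name, table in (("gw=old", GW_OLD), ("gw=new", GW_NEW),
                        ("gw=old + tunnel route", WITH_ROUTE)):
        print(name)
        for fw, (hop, ok) in return_path_report(table).items():
            state = "symmetric" if ok else "asymmetric, reply leaves via " + hop
            print("  VPN on", fw, "->", state)
```

With a single default gateway, only the VPN on that gateway has a symmetric return path, which matches the observation that changing the LAN gateway moved the working VPN to the other firewall.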
