OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: Julien on July 29, 2023, 12:41:49 am

Title: Print over the vpn
Post by: Julien on July 29, 2023, 12:41:49 am
Hello everyone,

We have set up a site-to-site WireGuard VPN to our datacenter. The LAN interface is configured to allow ports 443, 80, 53, and 9100 for printing to Konica devices.

However, when the users attempt to print from the remote location to the office, it doesn't work. Printing only functions when we add the rule "any to any."

Could someone advise why this is happening and what I might be missing here? Thank you!
Title: Re: Print over the vpn
Post by: slackadelic on July 29, 2023, 04:35:33 am
Is the tunnel NATing traffic?
Title: Re: Print over the vpn
Post by: Julien on July 29, 2023, 11:28:14 am
Quote from: slackadelic on July 29, 2023, 04:35:33 am
Is the tunnel NATing traffic?
The tunnel interface firewall rule is allowing any to any, if this is what you mean.
Title: Re: Print over the vpn
Post by: slackadelic on July 30, 2023, 01:13:04 am
Have you done tcpdump captures on the interfaces in question to make sure the traffic is passing how it should?
Title: Re: Print over the vpn
Post by: dmark on July 30, 2023, 09:08:23 pm
Printer drivers often try to get the status of the printer via SNMP (UDP/161). So you could try to allow this protocol.
Title: Re: Print over the vpn
Post by: Julien on July 31, 2023, 09:21:01 pm
Thank you for your answer.
I see we have the following ports on the printer alias: 137/138/139/161/162/427/9100/9220/9500
Still killing the printer during the print.
When the users print, I don’t see anything on the LAN interface being blocked.
Title: Re: Print over the vpn
Post by: dmark on August 01, 2023, 06:01:46 pm
If SNMP does not help, you should analyze the traffic with tcpdump and/or Wireshark.
Title: Re: Print over the vpn
Post by: Julien on August 20, 2023, 01:55:45 pm
We managed to find the blocked port on the firewall live view.
Thank you everyone.