Virtual private networks / Nested VPN problems
« on: March 27, 2021, 01:56:09 pm »
Hi.
I'm trying to set up nested OpenVPN client connections in OPNsense 21.1.3_3 and it doesn't work as it should.
My network overview:
What I want to achieve:
This configuration works just fine if I use two separate OPNsense machines, one per VPN, and chain them, but when I set up both VPN connections inside a single OPNsense instance, weird things happen:
- Gateway monitor shows 100% packet loss on VPN1, hosts from LAN1 have no internet access
- Internet access for LAN2 hosts works just fine
- OPNsense GUI becomes very laggy, opening the Dashboard takes more than 10 seconds
If I restart both VPN connections a few times, it starts to work fine, but after I reboot the OPNsense machine, it starts all over again.
OpenVPN setup:
VPN1: Interface: ISP_PPPoE, Don't pull routes, Don't add/remove routes
VPN2: Interface: VPN1, Don't pull routes, Don't add/remove routes
Firewall rules:
LAN1: PASS LAN1 network to ANY, GATEWAY VPN1
LAN2: PASS LAN2 network to ANY, GATEWAY VPN2
Outbound NAT:
Firewall to ISP_PPPoE
LAN1 to VPN1
LAN2 to VPN2
I'd like to know if having nested OpenVPN connections is a supported configuration?
If so, could you please advise me how to fix this problem.
Upd: I checked, the VPN subnets are not overlapping. VPN1 gets a dynamic IP in 10.8.0.0/24 with GW 10.8.0.1, VPN2 is in 10.8.8.0/24, GW 10.8.8.1.
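For readers trying to reproduce the layering outside the GUI, here is what the two client definitions above correspond to in plain OpenVPN configuration. This is an added illustration, not configuration from the post or from OPNsense; the server names and ports (vpn1.example.net, vpn2.example.net, 1194), the PPPoE address (203.0.113.10) and the VPN1 client address (10.8.0.2) are assumptions chosen to match the subnets the poster gives. The point it makes explicit is the dependency that the GUI hides: the inner client must bind to the address the outer tunnel assigned, and its server must be reachable through the outer tunnel's gateway, because route-noexec stops OpenVPN itself from installing any route.

```conf
# --- vpn1.conf: outer tunnel, leaves through the ISP PPPoE link ---
client
dev tun
proto udp
remote vpn1.example.net 1194    # assumed provider endpoint
local 203.0.113.10              # "Interface: ISP_PPPoE": bind to the PPPoE address (assumed)
route-nopull                    # "Don't pull routes": ignore routes pushed by the server
route-noexec                    # "Don't add/remove routes": never touch the routing table
persist-key
persist-tun
# ca/cert/key or auth-user-pass as the provider requires (omitted)

# --- vpn2.conf: inner tunnel, carried inside VPN1 ---
client
dev tun
proto udp
remote vpn2.example.net 1194    # assumed provider endpoint
local 10.8.0.2                  # "Interface: VPN1": bind to the address VPN1 handed out
                                # (assumed value; it is dynamic, so it changes on reconnect)
route-nopull
route-noexec
persist-key
persist-tun
# With route-noexec nothing here reaches vpn2.example.net on its own:
# the host needs a route to that server via 10.8.0.1 (VPN1's gateway),
# installed by the firewall/OS rather than by OpenVPN.
```

Because the inner `local` address is assigned by the outer tunnel, the inner instance can only be started after VPN1 is up and must be restarted whenever VPN1 reconnects with a different address; the same ordering applies to the host route toward the inner server. That ordering is the first thing to verify after a reboot when the inner tunnel comes up but the outer gateway reports loss.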