OPNsense Forum

English Forums => Virtual private networks => Topic started by: afan on January 19, 2023, 09:50:11 pm

Title: OpenVPN S2S: client to server OK but server to client fails
Post by: afan on January 19, 2023, 09:50:11 pm
Hi all,

I've set up an OpenVPN Site2Site over the public internet. The VPN connects well, no problems there.

Name   Remote Host   Virtual Addr   Connected Since   Bytes Sent   Bytes Received   Status   
My_OpenVPN UDP:1194   79.12.15.170   10.9.1.1   2023-01-19 20:58:26   46 KB   35 KB   up


I use 10.9.1.0/24 as tunnel network (per the above) and the subnets at each site are 10.7.1.0/24 (LAN site1) and 10.8.1.0/24 (LAN site2). Site1 runs the OpenVPN server; site2 runs the client.

Firewall rules were set to allow all traffic on the OpenVPN tunnel (regardless of source), at both sides:

Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description
IPv4 *     *        *      *             *      *         *          Allow_OpenVPN_traffic


On the OPNsense shell of site1, I can ping 10.9.1.1 (local IP address of the tunnel) and 10.9.1.2 (which is the other side/site).

On site2 I can reach site1 just fine (I can ping 10.7.1.0/24 addresses).
However, I cannot reach any IP address from site1 to site2 (e.g. 10.8.1.2).


An extract of the routing table of site2 (https://10.8.1.1/ui/diagnostics/interface/routes) shows entries of site1's 10.7.1.0 network:

ipv4   default   79.12.15.1   UGS   NaN   1500   vmx0   My_WAN
ipv4   10.7.1.0/24   10.9.1.1   UGS   NaN   1500   ovpnc1           
ipv4   10.9.1.1   link#8   UH   NaN   1500   ovpnc1           
ipv4   10.9.1.2   link#8   UHS   NaN   16384   lo0   Loopback       
ipv4   10.8.1.0/24   link#2   U   NaN   1500   vmx1   lan   

 
The same applies for site1 (i.e. site2 routes exist).

I rebooted both sides just in case to no avail.

Any idea where things are going wrong?
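One way to turn the routing extract above into a repeatable check, as an added example that is not part of this thread or of OPNsense itself: parse the route lines as they appear on the diagnostics page, do the same longest-prefix match the kernel does, and confirm for each site that the far LAN is reached through the tunnel interface with the tunnel peer as gateway and that the peer itself has a host route. The site2 table below is copied from the post; the site1 table is constructed here (the thread only says it mirrors site2), so the interface name ovpns1 and the WAN gateway 203.0.113.1 in it are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Site2 extract exactly as posted in the thread (https://10.8.1.1/ui/diagnostics/interface/routes).
SITE2_ROUTES_TEXT = """
ipv4   default   79.12.15.1   UGS   NaN   1500   vmx0   My_WAN
ipv4   10.7.1.0/24   10.9.1.1   UGS   NaN   1500   ovpnc1
ipv4   10.9.1.1   link#8   UH   NaN   1500   ovpnc1
ipv4   10.9.1.2   link#8   UHS   NaN   16384   lo0   Loopback
ipv4   10.8.1.0/24   link#2   U   NaN   1500   vmx1   lan
"""

# Constructed mirror for site1 (the server side). Not from the thread: the
# interface name ovpns1 and the WAN gateway 203.0.113.1 are assumptions.
SITE1_ROUTES_TEXT = """
ipv4   default   203.0.113.1   UGS   NaN   1500   vmx0   My_WAN
ipv4   10.8.1.0/24   10.9.1.2   UGS   NaN   1500   ovpns1
ipv4   10.9.1.2   link#8   UH   NaN   1500   ovpns1
ipv4   10.9.1.1   link#8   UHS   NaN   16384   lo0   Loopback
ipv4   10.7.1.0/24   link#2   U   NaN   1500   vmx1   lan
"""


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    gateway: str
    flags: str
    iface: str


def parse_routes(text):
    """Parse lines shaped like the OPNsense routes page:
    proto  destination  gateway  flags  refs  mtu  interface  [description]
    Host entries such as 10.9.1.1 become /32 networks; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] != "ipv4":
            continue
        dest = "0.0.0.0/0" if parts[1] == "default" else parts[1]
        net = ipaddress.ip_network(dest, strict=False)
        routes.append(Route(net, parts[2], parts[3], parts[6]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific entry containing dst wins,
    which is how the kernel picks the outgoing interface for a packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.dest and (best is None or r.dest.prefixlen > best.dest.prefixlen):
            best = r
    return best


def audit_tunnel_path(routes, remote_lan, tunnel_iface, tunnel_peer):
    """Return a list of findings for traffic from this site towards remote_lan.
    An empty list means the forwarding path matches a working site-to-site setup."""
    findings = []
    net = ipaddress.ip_network(remote_lan)
    r = lookup(routes, str(net.network_address + 1))  # any host in the far LAN
    if r is None or r.dest.prefixlen == 0:
        findings.append(f"no specific route to {remote_lan}; traffic would follow the default route")
        return findings
    if r.iface != tunnel_iface:
        findings.append(f"{remote_lan} is routed via {r.iface}, not the tunnel {tunnel_iface}")
    if r.gateway != tunnel_peer:
        findings.append(f"{remote_lan} uses gateway {r.gateway}, expected tunnel peer {tunnel_peer}")
    peer = lookup(routes, tunnel_peer)
    if peer is None or peer.iface != tunnel_iface:
        findings.append(f"tunnel peer {tunnel_peer} has no host route via {tunnel_iface}")
    return findings


if __name__ == "__main__":
    for name, text, lan, iface, peer in (
        ("site2 -> site1 LAN", SITE2_ROUTES_TEXT, "10.7.1.0/24", "ovpnc1", "10.9.1.1"),
        ("site1 -> site2 LAN", SITE1_ROUTES_TEXT, "10.8.1.0/24", "ovpns1", "10.9.1.2"),
    ):
        problems = audit_tunnel_path(parse_routes(text), lan, iface, peer)
        print(name, "OK" if not problems else "; ".join(problems))
```

Run against the posted table, the audit comes back clean for both directions, which is consistent with the poster's observation that the routes themselves were in place; when a check like this passes but pings still fail, the remaining suspects are the firewall rules on the interface the packet enters and the far host's own return route, not the routing table.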
Title: Re: OpenVPN S2S: client to server OK but server to client fails
Post by: afan on January 21, 2023, 07:08:08 pm
FWIW, the day after things worked fine.
I added some firewall rules at both sides on the LAN to allow the network at the other side. I think this was the solution.