I have a functioning IPSEC-tunnel up and running on OPNsense 17.7.4, and traffic between machines on either side is running perfectly.
I want to use an LDAP-server on the remote side of the IPSEC tunnel for authentication (for incoming openvpn roadwarrior clients). When I try to set this up as a server in the OPNsense menu, there is no response from the LDAP server. I then tried to ping the server from the OPNsense - no reply.
Doing ping or LDAP from any client on the LAN-side of the OPNsense - works fine.
What on earth could I be missing?
#ping -S LANIP LDAPIP
Cheers,
Franco
Quote from: franco on January 10, 2019, 04:13:38 PM
#ping -S LANIP LDAPIP
Cheers,
Franco
Same behaviour on the latest OPNsense 19.7.4.
Pinging from the LAN subnet across the IPsec tunnel to the remote subnet works, but ping or any connectivity from the firewall IP itself doesn't (it goes over the default WAN and not via the IPsec tunnel), so if you want to connect the firewall to a remote LDAP server over the tunnel it doesn't work.
any workaround on this?
Cheers
Add WAN IP to a second Phase2 :)
Quote from: mimugmail on September 27, 2019, 10:02:59 PM
Add WAN IP to a second Phase2 :)
Not sure if it is clear?
What do I have to do so the FW endpoint can ping the remote subnet?
Cheers
You add a second Phase2, left wanip/32, right remote subnet
Quote from: mimugmail on September 28, 2019, 02:37:26 PM
You add a second Phase2, left wanip/32, right remote subnet
Add a second Phase 2 with my WAN IP or the peer WAN IP?
Only Phase 1 has the peer WAN IP at the moment.
Isn't there a more reliable way to get the FW to ping the remote subnet, as all endpoints do when passing through the firewall?
Cheers
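The behaviour discussed in this thread comes down to how policy-based IPsec decides which packets enter the tunnel: a packet is only protected when its source and destination fall inside a Phase 2 selector pair, and a packet the firewall originates itself gets the WAN address as source, which matches nothing. The following Python model is an added illustration and is not code from OPNsense, strongSwan or anyone in the thread; the addresses are constructed from RFC 5737 documentation ranges, and the function names (build_spd, select_policy, path_for, demo) are my own. It shows the original symptom, franco's ping -S LANIP workaround, and mimugmail's second Phase 2 with wanip/32 side by side.

```python
# Added illustration of policy-based IPsec selector matching (the SPD check).
# Sample addresses are constructed from RFC 5737 ranges, not thread values.
from ipaddress import ip_address, ip_network

# Constructed sample topology (assumptions, not from the thread)
LAN_NET = "192.0.2.0/24"       # local LAN behind the OPNsense
LAN_IP = "192.0.2.1"           # firewall's LAN interface address
WAN_IP = "198.51.100.10"       # firewall's WAN address
REMOTE_NET = "203.0.113.0/24"  # remote subnet on the far side of the tunnel
LDAP_IP = "203.0.113.5"        # LDAP server inside the remote subnet


def build_spd(phase2_entries):
    """Turn (local, remote) Phase 2 pairs into SPD selector entries.

    Each Phase 2 in OPNsense becomes one selector pair: traffic whose source
    lies in `local` and whose destination lies in `remote` is protected.
    """
    return [(ip_network(local), ip_network(remote)) for local, remote in phase2_entries]


def select_policy(spd, src, dst):
    """Return the first selector pair matching (src, dst), or None.

    None means no IPsec policy applies and the packet follows the ordinary
    routing table, which in the thread is the default route out of WAN.
    """
    src, dst = ip_address(src), ip_address(dst)
    for local, remote in spd:
        if src in local and dst in remote:
            return local, remote
    return None


def default_source():
    """Source address the firewall picks for a packet it originates.

    With policy-based IPsec there is no route for the remote subnet, so the
    kernel uses the address of the default-route interface: WAN.
    An explicit source (ping -S LANIP) overrides this choice.
    """
    return ip_address(WAN_IP)


def path_for(spd, dst, src=None):
    """Classify a firewall-originated packet as 'tunnel' or 'wan'."""
    src = ip_address(src) if src is not None else default_source()
    return "tunnel" if select_policy(spd, src, dst) else "wan"


# Scenario 1: the original configuration, one Phase 2 LAN <-> remote subnet.
SPD_ONE = build_spd([(LAN_NET, REMOTE_NET)])

# Scenario 2: the workaround, a second Phase 2 with WAN IP/32 as the local side.
SPD_TWO = build_spd([(LAN_NET, REMOTE_NET), (f"{WAN_IP}/32", REMOTE_NET)])


def demo():
    """Map each case from the thread to the path its packets take."""
    return {
        # a host on the LAN: matches the LAN <-> remote selector
        "lan_host_to_ldap": "tunnel" if select_policy(SPD_ONE, "192.0.2.20", LDAP_IP) else "wan",
        # the firewall itself with the default (WAN) source: the symptom
        "fw_default_src": path_for(SPD_ONE, LDAP_IP),
        # ping -S LANIP: forcing the LAN address makes the selector match
        "fw_ping_S_lan": path_for(SPD_ONE, LDAP_IP, src=LAN_IP),
        # second Phase 2 with wanip/32: the default source now matches too
        "fw_second_phase2": path_for(SPD_TWO, LDAP_IP),
    }


if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:18s} -> {path}")
```

The model makes the point that LDAP configured in the GUI has no -S option: the authentication lookup is firewall-originated traffic, so it only reaches the remote server once a selector covering the firewall's own source address exists, which is exactly what the extra wanip/32 Phase 2 provides.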