Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: greY on February 12, 2019, 10:16:40 PM

Title: [solved] route issue on connections over site 2 site vpn
Post by: greY on February 12, 2019, 10:16:40 PM
Hi
I have users connected over a IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 13, 2019, 05:34:57 AM
Reverse Proxy runs on the same device as IPSec peer?
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 13, 2019, 07:30:16 PM
Reverse Proxy runs on OPNsense.
The infrastructure looks like this:
site A                                        site B
|OPNsense|                              |Unifi USG |
|              |----IPSEC tunnel-----|               |
|HAproxy  |                              |               |
      |
      |
WEB Services
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 13, 2019, 07:48:31 PM
Then you have to add your WAN/32 to IPSec SA
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 13, 2019, 09:07:16 PM
Thanks, but please could you describe a bit more exactly what to do ? ;)
Title: Re: route issue on connections over site 2 site vpn
Post by: mimugmail on February 14, 2019, 05:55:55 PM
In Phase2 add local net your WAN adress as network with /32 and remote the other LAN
Title: Re: route issue on connections over site 2 site vpn
Post by: greY on February 15, 2019, 09:38:09 PM
The issue was that haproxy was only listening to 127.0.0.1:port, I added the local router IP:port and everything works.
anyways thanks for helping.
Text only | Text with Images