Please help me in solving the problem.
There is a network shown in the attached diagram.
There are three OPNsense routers in it.
There is an OpenVPN tunnel (172.16.1.0/24) between routers site1-gw and site2-gw, and a second tunnel between routers site1-gw and site3-gw (172.16.2.0/24).
What should I configure so that the computer in Site 2 can access the computer in Site 3 and vice versa?
At the same time we can't set up another VPN tunnel between Site2 and Site3 for administrative reasons.
			
			
			
You just need to set the "Remote Networks" properly to route the traffic for the respective other site over the VPN.
Presuming the routes between site 1 - 2 and 1 - 3 are working already, there is nothing else to do at site 1.
At site 2 the "Remote Networks" setting should be
192.168.10.0/24, 192.168.30.0/24
and at site 3
192.168.10.0/24, 192.168.20.0/24
			
			
			
Quote from: viragomann on February 27, 2025, 02:17:01 PM
You just need to set the "Remote Networks" properly to route the traffic for the respective other site over the VPN.
It's always so simple, but I often can't find the answer because I always think that it must be hard.
Thanks a lot!
			
 
			
			
				Help. I can't figure out what the problem is!
VPN tunnel 10.0.2.0 is set up. I can ping Serv4 from Serv3, but not vice versa.
traceroute to 192.168.5.11 (192.168.5.11), 30 hops max, 60 byte packets
1  _gateway (192.168.7.1)  1.011 ms  0.936 ms  0.912 ms
2  10.0.2.1 (10.0.2.1)  2.844 ms  2.855 ms  2.809 ms
3  192.168.5.11 (192.168.5.11)  3.948 ms  4.044 ms  3.998 ms
traceroute to 192.168.7.11 (192.168.7.11), 30 hops max, 60 byte packets
1  _gateway (192.168.5.1)  1.093 ms  1.036 ms  1.012 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  *^C
I did everything according to the instructions but it only works in one direction.
https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html
			
			
			
Quote from: NFKhalaychidi on February 27, 2025, 11:04:36 AM
Please help me in solving the problem.
There is a network shown in the attached diagram.
There are three OPNsense routers in it.
There is an OpenVPN tunnel (172.16.1.0/24) between routers site1-gw and site2-gw, and a second tunnel between routers site1-gw and site3-gw (172.16.2.0/24).
What should I configure so that the computer in Site 2 can access the computer in Site 3 and vice versa?
At the same time we can't set up another VPN tunnel between Site2 and Site3 for administrative reasons.
Can you show me your configuration?
Maybe I made a mistake somewhere
			
 
			
			
Quote from: tivoti on April 21, 2025, 08:58:17 PM
Can you show me your configuration?
Maybe I made a mistake somewhere
Attached
Looks like it's not a configuration error
Check firewalls on all devices
			
 
			
			
Quote from: NFKhalaychidi on April 22, 2025, 09:12:01 AM
Quote from: tivoti on April 21, 2025, 08:58:17 PM
Can you show me your configuration?
Maybe I made a mistake somewhere
Attached
Looks like it's not a configuration error
Check firewalls on all devices
Help with firewall settings. I don't quite understand either.
The settings are the same on both OPNSense
			
 
			
			
On the OpenVPN interface you have to open the source for the remote site's LAN.
			
			
			
Quote from: viragomann on April 22, 2025, 02:19:33 PM
On the OpenVPN interface you have to open the source for the remote site's LAN.
It's not quite clear. Go to Interfaces - Port assignment - Add the created VPN as an interface?
In the rules - Assignment specify LAN
			
 
			
			
I was talking about the firewall rule, the one your screenshot above shows on the OpenVPN tab. This limits traffic to source IPs out of the tunnel subnet. But you need to allow the remote site's LAN.
Assigning an interface to the OpenVPN instance is not mandatory as long as you don't need it for routing purposes. But you can do it if you want and then define the firewall rules on it.
			
			
			
Quote from: viragomann on April 22, 2025, 02:19:33 PM
On the OpenVPN interface you have to open the source for the remote site's LAN.
Just allow all traffic at Firewall:Rules:OpenVPN for testing
			
 
			
			
				No restrictions
It still only works one way
			
			
			
Quote from: tivoti on April 22, 2025, 04:06:11 PM
No restrictions
https://forum.opnsense.org/index.php?action=dlattach;attach=44280;image
?
			
 
			
			
Quote from: viragomann on April 22, 2025, 04:08:18 PM
Quote from: tivoti on April 22, 2025, 04:06:11 PM
No restrictions
https://forum.opnsense.org/index.php?action=dlattach;attach=44280;image
?
The photo is small, you can't see anything
			
 
			
			
Maybe this one: https://forum.opnsense.org/index.php?action=dlattach;attach=44279;image
			
			
			
Quote from: viragomann on April 22, 2025, 04:12:46 PM
Maybe this one: https://forum.opnsense.org/index.php?action=dlattach;attach=44279;image
I had it by default. I indicated it on the first screenshot.
			
 
			
			
Quote from: viragomann on April 22, 2025, 04:12:46 PM
Maybe this one: https://forum.opnsense.org/index.php?action=dlattach;attach=44279;image
The problem is that the server can't ping the client's network. The client pings without problems
			
 
			
			
				Sent several times by mistake
			
			
			
				Could this be the problem?
I don't understand how it works and how it is connected
Common name - test-client
			
			
			
				A client specific override is mandatory for a site to site OpenVPN to work if the tunnel network is bigger than a /30.
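To make the two answers above concrete (the "Remote Networks" settings for the hub-and-spoke layout from the first question, and the Client Specific Override needed when the tunnel is wider than a /30), here are the plain OpenVPN directives that the OPNsense GUI settings correspond to. This is an added example for this thread, not configuration posted by anyone here and not output generated by OPNsense. The addresses are the ones from the first post; the ccd directory path, the certificate common names site2-gw / site3-gw, the hub hostname and the ports are assumptions.

```conf
#############################################################################
# Added example, not from this thread and not OPNsense-generated output.
# Plain OpenVPN equivalents of the GUI settings discussed above.
# Addresses are from the first post; ccd path, common names site2-gw /
# site3-gw, the hub hostname and the ports are assumptions.
#############################################################################

# ---------- site1-gw (hub): server instance for the site2 tunnel ----------
dev tun
topology subnet
# A /24 tunnel network means multi-client mode. With a /30 the single peer
# is implicit and the iroute handling further down is not needed.
server 172.16.1.0 255.255.255.0
# "Remote Network" on the server instance -> a kernel route. This only moves
# packets for site2's LAN from the hub's routing table into the tun device.
route 192.168.20.0 255.255.255.0
# Client Specific Override -> one file per client in this directory.
client-config-dir /usr/local/etc/openvpn/ccd

# ---------- site1-gw: /usr/local/etc/openvpn/ccd/site2-gw ----------
# The file name must equal the client certificate's common name.
# iroute is what the kernel route cannot provide: it tells the OpenVPN
# daemon which *connected client* owns 192.168.20.0/24. Without it the
# kernel hands the packet to tun, the daemon finds no owner and drops it,
# so site2 -> site1 can work while site1 -> site2 does not.
iroute 192.168.20.0 255.255.255.0

# ---------- site1-gw: second server instance, site3 tunnel ----------
dev tun
topology subnet
server 172.16.2.0 255.255.255.0
route 192.168.30.0 255.255.255.0
client-config-dir /usr/local/etc/openvpn/ccd
# and in ccd/site3-gw:
#   iroute 192.168.30.0 255.255.255.0

# ---------- site2-gw (spoke): client instance ----------
client
dev tun
remote site1-gw.example.net 1194     # hostname/port are assumptions
# "Remote Networks" on the client: the hub LAN *and* the other spoke's LAN.
# Both are reachable only through the hub, which forwards between its two
# tun devices; site2 never needs to know about 172.16.2.0/24.
route 192.168.10.0 255.255.255.0
route 192.168.30.0 255.255.255.0

# ---------- site3-gw (spoke): client instance ----------
client
dev tun
remote site1-gw.example.net 1195     # second port is an assumption
route 192.168.10.0 255.255.255.0
route 192.168.20.0 255.255.255.0
```

Two checks go with this. First, the hub's kernel route (`route`) and the daemon's client mapping (`iroute`) must both exist and agree; when the mapping is missing, OpenVPN logs `MULTI: bad source address from client [...], packet dropped` for packets arriving from a LAN address it does not know, which is the quickest way to confirm the diagnosis before touching firewall rules. Second, as pointed out earlier in the thread, the firewall rules on the hub's OpenVPN interface (or group) have to pass traffic whose source is the remote LAN (192.168.20.0/24, 192.168.30.0/24), not only the tunnel subnets; spoke-to-spoke traffic enters one tun device and leaves the other, so a rule that only allows the tunnel network as source will block it even though routing is correct.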
			
			
			
Quote from: viragomann on April 22, 2025, 08:04:51 PM
A client specific override is mandatory for a site to site OpenVPN to work if the tunnel network is bigger than a /30.
Thank you!!
			
 
			
			
				Thanks everyone!!
I set up a VPN
I should have thought of that