OPNsense Forum
Archive => 15.7 Legacy Series => Topic started by: Andreas on October 23, 2015, 12:08:09 pm
-
Hi,
My situation:
Client (192.168.100.183) <-IPsec-> OPNsense 192.168.252.96 (192.168.252.0/22) <-IPsec-> Fritz Box (10.40.1.0/24)
The client 192.168.100.183 only got the route 192.168.252.0/22 over IPsec. Nothing else can be configured.
My problem is now: I want to access the client from the 10.40.1.0/24 net or another net, e.g. from OpenVPN clients connected to the OPNsense FW...
Is there a way to do that?
Thx
Andreas
-
Hi,
Did you add an allow rule for the firewall and also allow private networks to access?
-
Yes,
the firewall is open and all is allowed
-
> Yes,
> the firewall is open and all is allowed
Ok. Thank you. Just for a small test, can you disable all types of SPI / firewall on your Fritzbox too? Or perhaps add your client IP 10.40.1.x/32 as a DMZ host on Fritz?
Just trying to give options here.
-
I think it's more a routing problem than a firewall problem.
Tracing the clients shows that the Fritz Box doesn't know the way to send the packets, and I think the client 192.168.100.183 even has no routing to the 10.40.1.0/24 net.
-
Hi,
Can someone please explain what to configure for the
NAT/BINAT options in the IPsec configuration?
I think this would solve my problems... if I can configure it right.
It's like this picture shows:
http://www.cisco.com/c/dam/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping00.gif
Actually I get in the log:
Oct 24 22:18:42 charon: 14[CFG] received stroke: route 'con3'
Oct 24 22:18:42 charon: 10[CFG] added configuration 'con3'
I tried to NAT the IP 192.168.100.183 to 192.168.250.183 in the config to the Fritz Box (second phase entries added).
What I did in the IPsec configuration to the 192.168.100.183 client you can look up in the attachment.
Thx.
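
An added illustration, not part of any post in this thread: a Python check of the return-path question raised above, using the addresses from the posts. The sample host 10.40.1.20 and the translation network 192.168.255.0/24 are constructed assumptions, and the check models only address matching, not OPNsense or strongSwan behaviour.

```python
import ipaddress as ip

# Values taken from the thread.
CLIENT_TUNNEL_ROUTES = [ip.ip_network("192.168.252.0/22")]  # the only route the client has
FRITZ_LAN = ip.ip_network("10.40.1.0/24")
NAT_CLIENT_AS = ip.ip_address("192.168.250.183")  # translation tried in the last post

# Assumption (constructed): an unused /24 inside 192.168.252.0/22 that the
# Fritz Box LAN is translated into, 1:1, before traffic reaches the client.
HYPOTHETICAL_BINAT_NET = ip.ip_network("192.168.255.0/24")


def covered(addr, networks):
    """True if addr matches one of the networks (a route or traffic selector)."""
    return any(addr in net for net in networks)


def binat(addr, inside, outside):
    """1:1 translation: keep the host bits, swap the network prefix."""
    if addr not in inside or inside.prefixlen != outside.prefixlen:
        raise ValueError("address outside translated network or prefix mismatch")
    offset = int(addr) - int(inside.network_address)
    return ip.ip_address(int(outside.network_address) + offset)


def client_can_reply(src, translate=False):
    """Would the client send its reply to src back into the tunnel?"""
    if translate:
        src = binat(src, FRITZ_LAN, HYPOTHETICAL_BINAT_NET)
    return covered(src, CLIENT_TUNNEL_ROUTES)


if __name__ == "__main__":
    host = ip.ip_address("10.40.1.20")  # constructed sample host behind the Fritz Box
    print("reply route, untranslated source:", client_can_reply(host))
    print("reply route, translated source  :", client_can_reply(host, translate=True))
    print("source as seen by the client    :",
          binat(host, FRITZ_LAN, HYPOTHETICAL_BINAT_NET))
    print("192.168.250.183 inside the /22  :",
          covered(NAT_CLIENT_AS, CLIENT_TUNNEL_ROUTES))
```

The untranslated 10.40.1.x source has no matching route on the client, while a source translated into the /22 does; 192.168.250.183 lies outside 192.168.252.0/22, so it needs its own phase 2 entry towards the Fritz Box.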