OPNsense Forum
English Forums => 24.7 Production Series => Topic started by: rrosson on August 29, 2024, 03:03:07 pm
-
I support multiple family and friends via an OpenVPN site-2-site connection to assist them with their computer issues (yes I am that guy). All existing OpenVPN (not legacy) connections that were set up before 24.7 are still functional and routes/access continue to work, which allows me access. With all new OpenVPN site-2-site connections created after 24.7, I am able to reach the firewall but no other network hanging off the firewall.
Where there are no IP network conflicts this is just a simple site-2-site (p2p) with routes from the local and remote network. Where there is an IP network conflict, BINAT rules have been added to eliminate it. Like I mentioned, these continue to work as they were set up before upgrading to 24.7.x.
All rules and tcpdump show the traffic entering the tunnel but the other end never sees it.
I serve as the server and all others are clients. Each client is configured with static keys and a certificate for authentication. I followed the docs on OpenVPN site-2-site instances for all connections.
Has anyone tried setting up a site-2-site since upgrading to 24.7.x?
If you require more information please let me know and I will provide it upon request.
- Ron
-
I am finding it hard to believe that no one has seen this issue or has discovered this issue after my post that has over 150 views. I have 5 tunnels working that were set up and running before 24.7 and 2 tunnels that were built post 24.7 upgrade that have the p2p between the firewalls but no routes to the network behind them.
-
I am bumping my own thread in hopes that someone else has seen this issue when setting up a net new site-2-site OpenVPN tunnel with 24.7.x. I have a total of 7 site-2-site tunnels, where 5 of them were set up before 24.7 and are running flawlessly. With the two newest ones, set up exactly the same way, I am only able to have traffic between the two firewalls.
-
There seems to be a lot of 0 replies lately. They must be very busy. I do recall in the new "instances" setup for servers that you can enter the IP address and/or subnet to connect to. Instances/local network/Local Network
-
There seems to be a lot of 0 replies lately. They must be very busy.
This is a community forum, not a support portal. Just users helping users. I for one don't run OpenVPN for S2S, only IPsec and WireGuard. I have a single installation of OpenVPN for remote access to our office networks, all new "instances" with AD/LDAP integration. Works flawlessly.
So - sorry. Unless some other user of OPNsense is also running OpenVPN for S2S and shared your problem and solved it - where do you suggest an answer should come from?
If this is business critical, buy a support subscription and open a support ticket. Again: this is not the OPNsense support platform. Commercial support is available here:
https://shop.opnsense.com/product-categorie/support/
HTH
Patrick
-
Historically there are answers when they have time. So are you saying they no longer jump in and help users unless they pay for help?
-
They still do when there is time to spare of course - Cedrik (monviech) has been quite active lately.
But it looks like nobody is using OpenVPN for S2S? I don't know.
If you need support *now* for a business I'd recommend buying support.