16.7 Legacy Series / OpenVPN and access to LAN
« on: September 08, 2016, 02:19:11 pm »
Hello there,
I'm trying to set up an OpenVPN server with OPNsense.
While that seems to work (I can connect, etc.), I have trouble reaching the network on the LAN port.
OPNsense is running on qemu/kvm with bridged interfaces. One interface is connected to the public internet (WAN). And the other is connected to the LAN network on the host.
Host: Ubuntu (14.04) with KVM/QEMU
- br0: WAN public internet
- br3: LAN - 172.18.10.10
Guest: OPNsense 16.7.3
- WAN: bridged on br0
- LAN: bridged on br3 - 172.18.10.11
- VPN: 10.220.0.0/27
WAN is working. I can connect to the VPN from the outside world, no problem. If I allow ICMP on the WAN I can ping the WAN.
During the VPN connection I'm able to ping the static LAN IP on the OPNsense system, which is 172.18.10.11.
If I try to ping 172.18.10.10, which is connected to the hypervisor, I get no response. That is the same for other systems on that same network 172.18.10.x.
I know that this is because the requests go to the 172.18.10.x network from the VPN network and the host on 172.18.10.10 doesn't know how to return the package.
So, I created a NAT rule for outbound.
This has the following settings:
Interface: LAN
Source: 10.220.0.0/27
NAT Address: interface address
After applying this rule I'm able to ping that host! BUT, when I try to SSH to it, it doesn't work.
What am I doing wrong?
What I want is to have an OpenVPN connection so that I can reach the local LAN from outside.
Thanks in advance.
BlackDex.
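Added example, not part of the original post: a small model of the return path the post describes, showing where the LAN host sends its reply with no NAT, with the outbound NAT rule, and with a static route for the VPN range as an alternative. The /24 LAN mask, the host's default route via br0 with placeholder gateway 192.0.2.1, and the client address 10.220.0.2 are assumptions not stated in the post.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

OPNSENSE_LAN = "172.18.10.11"   # from the post
VPN_NET = net("10.220.0.0/27")  # from the post
VPN_CLIENT = "10.220.0.2"       # constructed client address inside the VPN range

# Constructed routing table for the LAN host 172.18.10.10.
# Assumptions: /24 LAN mask, default route out of br0 via placeholder 192.0.2.1.
HOST_ROUTES = [
    (net("172.18.10.0/24"), "br3", None),      # on-link LAN
    (net("0.0.0.0/0"), "br0", "192.0.2.1"),    # default route
]
# Same table plus a static route for the VPN range via OPNsense.
HOST_ROUTES_STATIC = HOST_ROUTES + [(VPN_NET, "br3", OPNSENSE_LAN)]

def next_hop(routes, dst):
    """Longest-prefix match; returns (interface, gateway or None if on-link)."""
    addr = ipaddress.ip_address(dst)
    _, dev, gw = max((r for r in routes if addr in r[0]),
                     key=lambda r: r[0].prefixlen)
    return dev, gw

def reply_path(routes, client, outbound_nat):
    """Where the LAN host sends its reply to a packet that came from `client`."""
    in_vpn = ipaddress.ip_address(client) in VPN_NET
    # With the outbound NAT rule, the host sees the firewall's LAN address as source.
    seen_src = OPNSENSE_LAN if (outbound_nat and in_vpn) else client
    dev, gw = next_hop(routes, seen_src)
    # The reply gets back into the tunnel only if it is handed to OPNsense.
    reaches_firewall = (gw or seen_src) == OPNSENSE_LAN
    return seen_src, dev, gw, reaches_firewall

if __name__ == "__main__":
    for label, routes, nat in [("no NAT, no route", HOST_ROUTES, False),
                               ("outbound NAT", HOST_ROUTES, True),
                               ("static route", HOST_ROUTES_STATIC, False)]:
        print(label, reply_path(routes, VPN_CLIENT, nat))
```

With the static route the LAN host still sees the real VPN client address as the source, whereas with outbound NAT every VPN client appears as 172.18.10.11 in the host's logs.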