Messages

1

General Discussion / Re: weird SSH over IPSEC VPN not problem

« on: November 22, 2019, 01:00:23 am »

Hi,

I ended up dumping the IPSEC VPN and setup an OpenVPN STS connection and everything just worked, didn't need to change MSS and we were also facing an issue with drop outs when idle which was also fixed.

2

General Discussion / Re: weird SSH over IPSEC VPN not problem

« on: November 13, 2019, 12:03:14 am »

Hi,

I disabled scrubbing under Firewall > Settings > Normalization but that broke communication, I could ping but I couldn't access any other services.

3

General Discussion / Re: weird SSH over IPSEC VPN not problem

« on: November 11, 2019, 11:15:37 pm »

Hi,

Thanks for the reply, I applied MSS of 1300 on both LAN ports on each side of the VPN but it still did not work.

I also tried telnet this morning to check and it fails with the same issue of just taking a long time and then eventually times out. Other traffic is OK though, VNC and web and windows file sharing is OK.

I'm not sure if the MSS took effect as when I ping with a size it's larger than 1300. One thing I did notice is that Side A of the VPN can Ping Side B with a packet size of 1473, where Side B can only ping side A with a packed size of 1342. Could this be causing the issue?

4

General Discussion / weird SSH over IPSEC VPN not problem

« on: November 11, 2019, 03:06:19 am »

Hi,

I have setup a Site to Site IPSEC VPN connection and I can access machines and ping clients on both sides. I can access the web interface of opnsense on both side, but if I try and SSH to a linux machine I get the login prompts and then it just hangs, sometime I eventually get the welcome text and then prompt but then it drops out and stops working with a timeout error.

What is weird is that when I try it from the remote site, to ssh back into a linux machine it works.

I don't have and firewall rules between the connections, I just allow all.
I have tried normalization to set the MSS on the IPSec connection to 1400
I have tried from multiple machines.
I have also tried to ssh into the OpnSense firewall and some switches and they fail as well.

I'm stuck and not sure what else I can change or look at, any suggestions?

5

19.7 Legacy Series / Pushing voice data across different internet connection

« on: August 06, 2019, 02:04:45 am »

Hi,

We have had our phone system on VLAN 20 and IP address range of 10.0.20.0/24 for a while but we are moving to sip lines and are going to use a second internet connection just for the SIP trunks.

I have installed another network card in opnsense and given it 192.168.20.1/24 address and then our provider of the connection has a cisco router and have assigned 192.168.20.2 to their interface but I am having trouble pushing traffic for VLAN 20 across the new link, it appears that it wants to go out the existing (default) gateway.

I have setup on the 192.168.20.1 card the upstream Gateway as 192.168.20.2 and I can ping that address.

I have tried to put a rule on the VoiceVLAN to set the gateway to the 192.168.20.1 address but it when I ping address on the SIP providers network it tries to go through the default gateway and then says it can't find that address.

Any suggestions as to how to setup the routing for the connection?

6

General Discussion / OpenVPN restrict 1 client network access

« on: July 11, 2018, 04:19:24 am »

Hi,

We have OpenVPN setup and working great for remote users, but we have a requirement for 1 user who is an external company to connect and we want to be able to restrict their access on the network to only 2 ip address's internally.

I am assuming that we can either assign an IP address to that specific user and then setup firewall rules to restrict or allow, but I can see anywhere to assign a specific IP address in Opnsense (used to do this in pfsense).

Can anyone guide me on the best way to do this?

Thanks