18.7 Legacy Series / IPSEC, LAN and Default deny rule
« on: November 15, 2018, 05:47:28 pm »
Hello,
I have 2 OPNsense connected by an IPsec VPN.
The LAN net of the first OPNsense is 192.168.10.0/24
The LAN net of the second OPNsense is 192.168.20.0/24
The VPN works, but I have a problem with the connections that are in the "In" direction:
Interface  Dir  Time             Source               Destination          Proto  Label
lan        In   Nov 15 17:31:31  192.168.20.21:49677  192.168.10.35:58034  tcp    Default deny rule
lan        Out  Nov 15 17:31:25  192.168.10.35:58107  192.168.20.21:49677  tcp    let out anything from firewall host itself
This log is from the OPNsense on the 192.168.20.0/24 LAN.
As you can see, the "In" connection is denied by the "Default deny rule" and the "Out" connection is allowed.
I have tried to create a firewall rule on the LAN to allow from 192.168.10.0/24, but it does not work.
Proto   Source           Port  Destination      Port  Gateway
IPv4 *  192.168.10.0/24  *     192.168.20.0/24  *     *
Can you help me to find a solution?
Nicolas
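
An added check, not part of the original post: this Python sketch parses the two log lines quoted above and compares each packet's source and destination with the posted rule (source 192.168.10.0/24, destination 192.168.20.0/24). It models address matching only, not interface, direction or state tracking, and the names parse_line, rule_matches and mismatch_reasons are hypothetical.

```python
import ipaddress
from typing import NamedTuple

# Log lines copied from the post. Columns: interface, direction,
# month, day, time, source, destination, protocol, label.
LOG = """\
lan In Nov 15 17:31:31 192.168.20.21:49677 192.168.10.35:58034 tcp Default deny rule
lan Out Nov 15 17:31:25 192.168.10.35:58107 192.168.20.21:49677 tcp let out anything from firewall host itself
"""

# The rule from the post: any protocol/port, source and destination nets only.
RULE_SRC = ipaddress.ip_network("192.168.10.0/24")
RULE_DST = ipaddress.ip_network("192.168.20.0/24")

class Entry(NamedTuple):
    iface: str
    direction: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    label: str

def parse_line(line):
    """Split one live-view log line; the label is everything after proto."""
    f = line.split(None, 8)
    src, sport = f[5].rsplit(":", 1)
    dst, dport = f[6].rsplit(":", 1)
    return Entry(f[0], f[1].lower(), ipaddress.ip_address(src), int(sport),
                 ipaddress.ip_address(dst), int(dport), f[7], f[8])

def rule_matches(e):
    """Address-only match (assumption: ports and gateway are '*')."""
    return e.src in RULE_SRC and e.dst in RULE_DST

def mismatch_reasons(e):
    """List which address fields fall outside the rule's networks."""
    reasons = []
    if e.src not in RULE_SRC:
        reasons.append(f"source {e.src} is not in {RULE_SRC}")
    if e.dst not in RULE_DST:
        reasons.append(f"destination {e.dst} is not in {RULE_DST}")
    return reasons

if __name__ == "__main__":
    for entry in map(parse_line, LOG.splitlines()):
        verdict = "matches" if rule_matches(entry) else "does NOT match"
        print(f"{entry.iface} {entry.direction}: {entry.label!r} {verdict} the rule")
        for reason in mismatch_reasons(entry):
            print("   ", reason)
```

The denied packet has its source in 192.168.20.0/24 and its destination in 192.168.10.0/24, the reverse of the addresses in the posted rule, so the rule's address criteria do not cover it.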