Messages

1

General Discussion / Re: IPsec+OVPN config failed

« on: March 16, 2020, 05:56:03 pm »

Hi,

Thanks mfedv.

Then you need
  - an outbound NAT rule that maps OpenVPN client addresses to one from 192.168.100.0/24 when accessing 10.1.1.0/24
  - add a Manual SPD entry in IPSec Tunnel Settings with your OpenVPN client network (Tunnel network) to the phase2 IPsec definition.

The outbound nat rule is on IPsec interface ? Like this ?

Interface: IPsec
Source: 10.7.8.0/24
Source port : *
Destination : 10.1.1.0/24
Destination port : *
NAT address : 192.168.100.0/24
NAT Port : *



SPD is BINAT ?

2

General Discussion / IPsec+OVPN config failed

« on: March 16, 2020, 03:35:00 pm »

Hi,
I try with OPNsense and pfsense the same config to do work an IPsec tunnel AND OVPN without success.

I've a OPNsense fw with this configuration :

    WAN : 1.1.1.1/32
    LAN : 192.168.100.0/24

On the WAN interface, I've a IPsec tunnel with remote subnet 10.1.1.0/24 and IPsec rules :

    any to any port SSH|RDP pass

I've configure the same in floating rules with select LAN/IPsec/OVPN interfaces.

I've a seconde configuration on the WAN interface with OVPN nomade configuration (user auth+tls) with 192.168.100.0/24 as tunnel & remote network.

On other side, I've a firewall with :

    WAN : 2.2.2.2
    LAN : 10.1.1.0/24
    Rules allow remote network (192.168.100.0/24) to SSH|RDP 10.1.1.0/24.
    Route : 192.168.100.0/24 via IPsec interface

I want to :

Wanted Client use case / Link config (remote work as soon as possible without create failure on architecture):
[client]--------------------------------------------------------------------------------------------------->[10.1.1.0/24|22]
[client]---->[OPNsense_OVPN_get192.168.100.2/24]----->[sameOPN_IPsec]------------>[10.1.1.0/24|22]

This use case doesn't work with my actual configuration. Someone have an idea to success config this ?



Thanks