General Discussion / Site-to-Site OpenVPN - Can ping from S2S Int. but not from LAN
« on: August 25, 2020, 08:51:37 pm »
Having some trouble and racking my brain, need some help with this and maybe another set of eyes.
2 sites: Host site A and remote site B
Both have OPNsense routers. Site A is host, static WAN address. Remote site is static WAN given by MAC lock at a school.
Router at A is inside the network, NOT providing the site's WAN/LAN needs, just VPN access. Router at B is performing all router duties for the site.
Over the COVID season earlier this year, we dumped our site-to-site VPN after closing our remote office and pushed a Road Warrior VPN instead for people to access the network remotely from home. As a result, I recreated the VPN rules to reflect a TAP adapter instead of TUN. Now, we are returning to work next week at a remote office which uses the site-to-site OpenVPN config I had earlier. I set up interfaces and rules but I'm super confused as to why I can't simply get site B to ping site A from LAN. From the S2SVPN interface I can ping the gateway at site A immediately, works great. I had to add a NIC to get more ports since my TAP adapter is still being used. This messed up all the interfaces on the site A router, which I had to fix. The site B router has stayed the same.
I'm sure it's firewall related, or so I think. I'm stumped. I've always had a hard time with the 'flow' of the firewall rules in both OPNsense and pfSense. Its terminology is not an issue, but I get source and destination mixed up depending on what interface I'm on. Any help is appreciated!
I've attached screenshots of the rules and pings. All shots are from Site B (remote site), as I think if I can get LAN to send traffic over the S2SVPN interface we will be all set. There are access rules for the 3 networks at Site A that need to be accessed by Site B.