"Quote from: banym on September 09, 2020, 09:10:26 AMYes, it is indeed a network design issue and there is a problem with the routing that has nothing to do with the firewall. Thanks.
No, it is a problem with your network design.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
20.7 Legacy Series / Re: vpn access to intranet blocked by Default deny rule
September 09, 2020, 03:17:50 PM #2
20.7 Legacy Series / Re: vpn access to intranet blocked by Default deny rule
September 09, 2020, 09:07:23 AM
Thank you ;D
I added the route and the server is accessible.
But can I change the settings in opnsense to fix the problem?
I added the route and the server is accessible.
But can I change the settings in opnsense to fix the problem?
#3
20.7 Legacy Series / [SOLVED] vpn access to intranet blocked by Default deny rule
September 08, 2020, 04:18:28 PM
[SOLVED]
After checking, it was a routing issue that prevented access to the server.
The problem is not related to firewall rules.
go to 'Additional BOOTP/DHCP Options', use DHCP pushing a static route to solve the problem.
-----------------------------------------------------------
opnsense ip :192.168.1.1
my other gateway ip :192.168.1.2
mywebserver ip:192.168.1.61 gateway :192.168.1.2 dns:192.168.1.2
my mobile use openvpn,ip :10.0.8.6
I use 10.0.8.6 browse 192.168.1.61
I want to use vpn to access my webserver and can ping, but access to port 80 is blocked by the default rules. Normal access without VPN
I tried setting up a few firewall rules, but nothing worked.
thanks
log:LAN Sep 8 20:51:52 192.168.1.2:80 10.0.8.6:44188 tcp Default deny rule
Detailed rule information :
__timestamp__ Sep 8 20:14:14
ack 3652002442
action [block]
anchorname
datalen 695
dir [in]
dst 10.0.8.6
dstport 41472
ecn
id 32338
interface bridge0
interface_name LAN
ipflags DF
label Default deny rule
length 747
offset 0
proto 6
protoname tcp
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
ridentifier 0
rulenr 16
seq 2918695121:2918695816
src 192.168.1.2
srcport 80
subrulenr
tcpflags PA
tcpopts
tos 0x0
ttl 62
urp 506
version 4
After checking, it was a routing issue that prevented access to the server.
The problem is not related to firewall rules.
go to 'Additional BOOTP/DHCP Options', use DHCP pushing a static route to solve the problem.
-----------------------------------------------------------
opnsense ip :192.168.1.1
my other gateway ip :192.168.1.2
mywebserver ip:192.168.1.61 gateway :192.168.1.2 dns:192.168.1.2
my mobile use openvpn,ip :10.0.8.6
I use 10.0.8.6 browse 192.168.1.61
I want to use vpn to access my webserver and can ping, but access to port 80 is blocked by the default rules. Normal access without VPN
I tried setting up a few firewall rules, but nothing worked.
thanks
log:LAN Sep 8 20:51:52 192.168.1.2:80 10.0.8.6:44188 tcp Default deny rule
Detailed rule information :
__timestamp__ Sep 8 20:14:14
ack 3652002442
action [block]
anchorname
datalen 695
dir [in]
dst 10.0.8.6
dstport 41472
ecn
id 32338
interface bridge0
interface_name LAN
ipflags DF
label Default deny rule
length 747
offset 0
proto 6
protoname tcp
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
ridentifier 0
rulenr 16
seq 2918695121:2918695816
src 192.168.1.2
srcport 80
subrulenr
tcpflags PA
tcpopts
tos 0x0
ttl 62
urp 506
version 4
Pages1
