Messages

1

20.7 Legacy Series / Re: vpn access to intranet blocked by Default deny rule

« on: September 09, 2020, 03:17:50 pm »

No, it is a problem with your network design.

Yes, it is indeed a network design issue and there is a problem with the routing that has nothing to do with the firewall. Thanks.

2

20.7 Legacy Series / Re: vpn access to intranet blocked by Default deny rule

« on: September 09, 2020, 09:07:23 am »

Thank you
I added the route and the server is accessible.
But can I change the settings in opnsense to fix the problem?

3

20.7 Legacy Series / [SOLVED] vpn access to intranet blocked by Default deny rule

« on: September 08, 2020, 04:18:28 pm »

[SOLVED]
After checking, it was a routing issue that prevented access to the server.
The problem is not related to firewall rules.
go to 'Additional BOOTP/DHCP Options', use DHCP pushing a static route to solve the problem.

-----------------------------------------------------------
opnsense ip :192.168.1.1
my other gateway ip :192.168.1.2
mywebserver ip:192.168.1.61  gateway :192.168.1.2 dns:192.168.1.2
my mobile use openvpn，ip :10.0.8.6
I use 10.0.8.6 browse 192.168.1.61

I want to use vpn to access my webserver and can ping, but access to port 80 is blocked by the default rules. Normal access without VPN
I tried setting up a few firewall rules, but nothing worked.

thanks

log：LAN      Sep 8 20:51:52   192.168.1.2:80   10.0.8.6:44188   tcp   Default deny rule
Detailed rule information ：
__timestamp__   Sep 8 20:14:14
ack   3652002442
action    [block]
anchorname   
datalen   695
dir    [in]
dst    10.0.8.6
dstport   41472
ecn   
id   32338
interface   bridge0
interface_name   LAN
ipflags   DF
label   Default deny rule
length   747
offset   0
proto   6
protoname   tcp
reason   match
rid   02f4bab031b57d1e30553ce08e0ec131
ridentifier   0
rulenr   16
seq   2918695121:2918695816
src    192.168.1.2
srcport   80
subrulenr   
tcpflags   PA
tcpopts   
tos   0x0
ttl   62
urp   506
version   4