Virtual private networks / OpenVPN: only one of two subnets accessible, can't figure out why
« on: November 26, 2020, 05:25:57 pm »
Hi,
I have an OPNsense gateway set up for OpenVPN. I have 3 separate internal networks, each on its own physical Ethernet interface. These networks are firewalled with a simple "deny network 1 access to 2 and 3" rule. I deactivated these rules temporarily; no fix for my problem.
I have the following networks:
OpenVPN network: 172.30.17.*
Network A: 10.15.90.0/24
Network B: 10.7.32.0/24
Main problem: Road warrior dial-in for all users is successful, they can access network A but not network B.
In VPN: OpenVPN: Server, I have both routes under "local IPv4 network": 10.7.32.0/24,10.15.90.0/24
Firewall: Rules: OpenVPN wizard rule:
Interface: OpenVPN
Direction: in (there is no "out" rule, access still works; I added one temporarily but it did not fix anything)
Protocol/Source/Target: any
Interesting: the rule shows IPv4/6, but when I click to edit the rule, it says only IPv4. I don't need IPv6 anyway. GUI bug?
I am using Viscosity on Mac as a client.
Upon connecting, the client routing table looks as follows:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGSc en0
default 172.30.17.5 UGScI utun10
10.7.32/24 172.30.17.5 UGSc utun10
10.15.90/24 172.30.17.5 UGSc utun10
The gateway's log shows:
vpnusername/222.222.111.111:51878 SENT CONTROL [vpnusername]: 'PUSH_REPLY,route 10.7.32.0 255.255.255.0,route 10.15.90.0 255.255.255.0,dhcp-option DNS 172.30.17.1,route 172.30.17.1,topology net30,ping 10,ping-restart 60,ifconfig 172.30.17.6 172.30.17.5,peer-id 0,cipher AES-256-GCM' (status=1)
So the route is there.
What am I missing?
Thanks, guys!
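The post compares the server's PUSH_REPLY line against the client's routing table by eye. The following script, added here as an example and not code from OPNsense, Viscosity or the poster, does that check mechanically: it parses the `route <net> <mask>` options out of the quoted SENT CONTROL log line, parses the quoted macOS `netstat -rn` excerpt (expanding BSD-style abbreviated destinations such as `10.7.32/24`), and reports any pushed subnet the client did not install. The tunnel interface name `utun10` is taken from the post; both inputs are the ones quoted above, embedded inline. When the result is empty, as it is for this post, the client side of the routing can be ruled out and the fault lies on the gateway or in the destination network.

```python
"""Cross-check the subnets an OpenVPN server pushes (from its log) against
the routes a macOS client actually installed (from `netstat -rn`).
Added example for this thread; not OPNsense, Viscosity or the poster's code."""
import ipaddress
import re

# Constructed from the post: the gateway's SENT CONTROL / PUSH_REPLY log line.
PUSH_REPLY_LOG = (
    "vpnusername/222.222.111.111:51878 SENT CONTROL [vpnusername]: "
    "'PUSH_REPLY,route 10.7.32.0 255.255.255.0,route 10.15.90.0 255.255.255.0,"
    "dhcp-option DNS 172.30.17.1,route 172.30.17.1,topology net30,ping 10,"
    "ping-restart 60,ifconfig 172.30.17.6 172.30.17.5,peer-id 0,"
    "cipher AES-256-GCM' (status=1)"
)

# Constructed from the post: the client's `netstat -rn` excerpt.
CLIENT_ROUTES = """\
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGSc en0
default 172.30.17.5 UGScI utun10
10.7.32/24 172.30.17.5 UGSc utun10
10.15.90/24 172.30.17.5 UGSc utun10
"""


def pushed_routes(log_line):
    """Return the networks from every 'route <net> <mask>' option in a PUSH_REPLY.
    A bare 'route <host>' (e.g. the pushed DNS/gateway host) becomes a /32."""
    m = re.search(r"'PUSH_REPLY,(.*?)'", log_line)
    if not m:
        return []
    nets = []
    for opt in m.group(1).split(","):
        parts = opt.split()
        if not parts or parts[0] != "route":
            continue
        if len(parts) >= 3:
            # ipaddress accepts a dotted netmask after the slash.
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
        else:
            nets.append(ipaddress.ip_network(f"{parts[1]}/32"))
    return nets


def expand_bsd_destination(dest):
    """macOS/BSD netstat abbreviates '10.7.32.0/24' as '10.7.32/24';
    pad the missing octets with zeros so ipaddress can parse it."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, prefix = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefix or '32'}", strict=False)


def client_routes(netstat_text, vpn_ifname):
    """Return the networks the client routes through the VPN interface."""
    nets = []
    for line in netstat_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == vpn_ifname:
            nets.append(expand_bsd_destination(cols[0]))
    return nets


def missing_on_client(log_line, netstat_text, vpn_ifname="utun10"):
    """Pushed subnets (host /32 routes excluded) with no matching client route."""
    installed = set(client_routes(netstat_text, vpn_ifname))
    return [n for n in pushed_routes(log_line) if n.prefixlen < 32 and n not in installed]


if __name__ == "__main__":
    print("pushed :", [str(n) for n in pushed_routes(PUSH_REPLY_LOG)])
    gaps = [str(n) for n in missing_on_client(PUSH_REPLY_LOG, CLIENT_ROUTES)]
    print("missing on client:", gaps if gaps else "none; look beyond the client")
```

Run it against your own `SENT CONTROL` line and `netstat -rn` output to confirm the client has installed every pushed subnet before spending time on the client configuration; the same parsing applies to any OpenVPN server log, not only OPNsense.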