OpnSense as OpenVPN Server => ignore Server GW but use specific client as GW
« on: March 12, 2022, 12:13:14 pm »
Hi folks,
I am stuck.
What I am trying to achieve is to use OpenVPN-Client(B) as the GW for another OpenVPN Client(A).
OpenVPN-Server network 10.10.7.0/24 hosted by OpnSense.
Setup:
OpenVPN-Client(A) [10.10.7.210] => ([OpenVPN-Server] [on OpnSense]) <= WAN <= External OpenVPN-Client(B) [10.10.7.222] (This client's gateway should be used to surf the web.)
What works:
- Both clients connect to OpenVPN
- Both clients are able to ping each other
- Client(B) direct web access via its LAN.
Both clients have internet access, but Client(A) only uses the internet connection provided by the GW of the OpnSense WAN address and is unable to use Client(B) as its gateway.
Client(A) routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.7.222     128.0.0.0       UG    0      0        0 tun0
10.10.7.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.10.7.1       128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
Problem:
So the issue is => Client(A) is unable to use Client(B) as its GW.
How was this analyzed:
On Client(A) a check for external IP always resolves to OpnSense WAN IP.
To check further I used tcpdump on Client(B), but it clearly shows that traffic from Client(A) only arrives on Client(B) when direct communication is issued, such as "ssh from A => B" or "ping from A => B".
Info: Client(B) has IP forwarding activated, but this does not help yet, as no packets to be forwarded arrive on Client(B).
All other outgoing traffic from Client(A) seems to be forced to use the OpnSense GW, ignoring the route to Client(B).
What am I doing wrong?
- Is this an OpenVPN limitation?
- Is this an OpnSense limitation?
- Is this a tun type interface limitation?
- Would type tap interface overcome that issue?
- Have I misconfigured the routing on Client(A)?
Thanks for your help in advance,
Kind regards Raphael
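As an added illustration (not part of the original post), the script below replays the kernel's longest-prefix-match decision over the routing table Raphael posted for Client(A). It shows that the table itself does what the poster intends: any public destination matches one of the two /1 halves, and the lower half (e.g. 8.8.8.8) is indeed sent to next hop 10.10.7.222. It also makes the tun-specific caveat visible: both /1 routes egress via tun0, and on a layer-3 tun interface the kernel never resolves the next-hop address, it simply hands the IP packet to the OpenVPN process. The gateway column therefore cannot steer the packet towards Client(B); the OpenVPN server on OpnSense receives a packet from 10.10.7.210 for 8.8.8.8 and makes its own forwarding decision, which is consistent with the tcpdump observation. The routing table text is a constructed copy of the one in the post; all function names are the example's own.

```python
import ipaddress

# Constructed copy of the `route -n` output posted for Client(A).
CLIENT_A_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.7.222     128.0.0.0       UG    0      0        0 tun0
10.10.7.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.10.7.1       128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""


def parse_route_n(text):
    """Parse Linux `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) < 8:
            continue
        dest, gw, mask, flags, metric, _ref, _use, iface = parts[:8]
        routes.append({
            "net": ipaddress.IPv4Network(f"{dest}/{mask}"),
            # 0.0.0.0 in the Gateway column means "directly connected".
            "gateway": None if gw == "0.0.0.0" else ipaddress.IPv4Address(gw),
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, dst):
    """Return the route the kernel would pick for dst (longest prefix, then lowest metric)."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def internet_egress_interfaces(routes):
    """Interfaces used by the two /1 'default' halves (the redirect-gateway def1 pattern)."""
    return {r["iface"] for r in routes if r["net"].prefixlen == 1}


def explain(routes, dst):
    """Human-readable version of the routing decision for dst."""
    r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    via = f"via {r['gateway']}" if r["gateway"] else "directly connected"
    note = ""
    if r["iface"].startswith("tun") and r["gateway"]:
        # On a point-to-point tun device there is no ARP/neighbour step:
        # the next-hop address is not used to deliver the packet, the whole
        # IP packet is written to the tun device and the OpenVPN server routes it.
        note = " (tun: next-hop address is not consulted; the OpenVPN server decides)"
    return f"{dst}: {r['net']} {via} dev {r['iface']}{note}"


if __name__ == "__main__":
    table = parse_route_n(CLIENT_A_ROUTES)
    for target in ("8.8.8.8", "203.0.113.10", "10.10.7.222", "192.168.0.5"):
        print(explain(table, target))
    print("internet-bound egress interfaces:", internet_egress_interfaces(table))
```

Running it shows 8.8.8.8 selected via 10.10.7.222 and 203.0.113.10 via 10.10.7.1, yet both on tun0. That is why Client(A)'s local configuration looks correct while the server-side forwarding path is what actually determines where the traffic ends up.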