Virtual private networks / [Solved]OpenVPN Site-Site not working from LAN, does work directly from OPNSense
« on: January 22, 2021, 04:08:47 pm »
Hello,
I am a bit stumped. I have set up the OpenVPN client to connect the OPNSense (Site B) to the OpenVPN Server (Site A). The client indicates that the connection is up; however, from the LAN it is not possible to ping any host at Site A. It is possible to ping the hosts on Site A when I am connected via SSH directly on the OPNSense router.
Settings:
- IP LAN Site A: 10.20.10.0/24
- IP LAN Site B: 10.99.0.0/24
- tunnel network: 10.8.0.0/24
VPN Client: Peer to Peer (SSL/TLS)
Ping from OPNSense
Code:
# ping 10.99.0.16
PING 10.99.0.16 (10.99.0.16): 56 data bytes
64 bytes from 10.99.0.16: icmp_seq=0 ttl=63 time=5.905 ms
64 bytes from 10.99.0.16: icmp_seq=1 ttl=63 time=5.629 ms
64 bytes from 10.99.0.16: icmp_seq=2 ttl=63 time=5.734 ms
64 bytes from 10.99.0.16: icmp_seq=3 ttl=63 time=6.560 ms
Ping from Site B LAN
Code:
#PING 10.99.0.16 (10.99.0.16): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
If I understood https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html correctly, I would not have to do anything in Firewall > Rules > LAN. Or do I need to do something else?
When I use the .ovpn profile to connect a specific host in the Site B LAN to Site A, it works as it should, so my guess is that there is something I need to do on the OPNSense to make the site-to-site work.
Any help much appreciated.
[Solved]
Found this post: https://forum.opnsense.org/index.php?topic=4979.0
And this reddit post: https://www.reddit.com/r/OPNsenseFirewall/comments/hy90gt/opnsense_openvpn_client_routing_in_2020/
Both helped me in the right direction.
For me it is necessary to be able to direct only certain hosts in Site B through the VPN to Site A. Using aliases helped in solving this problem. So in Firewall > Rules > LAN I set the Destination to the alias of the desired network.
And after a night's sleep, removing all settings and trying again, it suddenly did work....
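Added illustration (not code from the thread or from OPNsense) of why an alias-based LAN rule selects only certain Site B hosts for the tunnel: OPNsense evaluates LAN rules top-down and the first match wins, so a rule whose source is an alias of the chosen hosts and whose destination is the Site A alias sends only their Site A traffic via the OpenVPN gateway, while everything else falls through to the default rule. The alias names, the rule set, the host addresses and the gateway name are assumptions built from the thread's addressing.

```python
import ipaddress

# Constructed aliases mirroring the thread's addressing (hypothetical, not the poster's config).
ALIASES = {
    "SiteA_LAN": ["10.20.10.0/24"],              # remote network reached through the tunnel
    "VPN_Hosts": ["10.99.0.16", "10.99.0.20"],   # only these Site B hosts may use the tunnel
    "LAN_net":   ["10.99.0.0/24"],               # the whole Site B LAN
}

# Hypothetical LAN rule set, ordered as OPNsense evaluates it (first match wins).
# Rule 1 pins Site A traffic from the selected hosts to the OpenVPN gateway;
# rule 2 is the stock "allow LAN to any" rule using the default gateway.
RULES = [
    {"src": "VPN_Hosts", "dst": "SiteA_LAN", "gateway": "OPENVPN_GW"},
    {"src": "LAN_net",   "dst": "any",       "gateway": "default"},
]


def in_alias(ip, name):
    """True if ip falls inside any host or network entry of the alias ('any' matches all)."""
    if name == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in ALIASES[name])


def select_gateway(src, dst, rules=RULES):
    """Return the gateway of the first rule matching (src, dst), or None if no rule passes it."""
    for rule in rules:
        if in_alias(src, rule["src"]) and in_alias(dst, rule["dst"]):
            return rule["gateway"]
    return None


if __name__ == "__main__":
    for src, dst in [("10.99.0.16", "10.20.10.5"), ("10.99.0.50", "10.20.10.5"),
                     ("10.99.0.16", "93.184.216.34"), ("10.8.0.2", "10.20.10.5")]:
        print(f"{src} -> {dst}: {select_gateway(src, dst)}")
```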