OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Ultranium »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Ultranium

Pages: [1]
1
24.1 Legacy Series / Re: DHCP relay - Option 82 - agent.circuit-id
« on: November 04, 2024, 02:30:36 pm »
I'm also experiencing this problem on 24.7.6.
Agent Circuit ID seems to be changing after reboot on the same relay entry. I've observed values like 000f, 0010.
This makes it impossible to apply policies on a DHCP server based on agent ID.

2
Virtual private networks / Re: Nested VPN problems
« on: April 19, 2021, 10:22:45 am »
vigilian, thank you for detailed answer.
A few days ago I just gave up and set up the second VPN on a separate VM, routing it then to the first one via additional interface. This works pretty stable so far.

The "2 VPNs 1 OPNsense" setup just didn't work for me. Turning off the VPN1 gateway monitoring didn't help, ping from VPN1 interface didn't work until I restarted it a couple of times.

Maybe there is something specific to my VPN endpoints, but I just can't make it work properly after spending a week.

3
Virtual private networks / Re: Nested VPN problems
« on: April 03, 2021, 09:03:32 am »
Quote from: Antaris on April 02, 2021, 04:44:32 pm
You don't need 2 OPNsense boxes for that :) Just set 2 VPN servers in one OPNsense box on different ports that leads to different internal networks.
I guess you misunderstood me.
I need nested VPN clients, not servers.

4
Virtual private networks / Nested VPN problems
« on: March 27, 2021, 01:56:09 pm »
Hi.

I'm trying to setup nested OpenVPN client connecitons in OPNsense 21.1.3_3 and it doesn't work as it should.

My network overview:



What I wan to achieve:



This configuration works just fine if I use two separate machines with OPNsense per each VPN and chain them, but when I setting up both VPN connections inside a single OPNsense instance, weird things happen:
  • Gateway monitor shows 100% packet loss on VPN1, hosts from LAN1 have no internet access
  • Internet access for LAN2 hosts works just fine
  • OPNsense GUI becomes very laggy, opening the Dashboard takes more than 10 seconds

If I restart both VPN connections few times, it's starting to work fine, but after I reboot OPNsense machine, it starts all over again.

OpenVPN setup:
VPN1: Interface: ISP_PPPoE, Don't pull routes, Don't add/remove routes
VPN2: Interface: VPN1, Don't pull routes, Don't add/remove routes

Firewall rules:
LAN1: PASS LAN1 network to ANY, GATEWAY VPN1
LAN2: PASS LAN2 network to ANY, GATEWAY VPN2

Outbound NAT:
Firewall to ISP_PPPoE
LAN1 to VPN1
LAN2 to VPN2

I'd like to know if having nested OpenVPN connections is a supported configuration?
If so, could you please advise me how to fix this problem.

Upd: I checked, VPN subnets are not overlapping. VPN1 get a dynamic IP in 10.8.0.0/24 with GW 10.8.0.1, VPN2 is in 10.8.8.0/24, GW 10.8.8.1.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2