OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of abrue »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - abrue

Pages: [1]
1
Virtual private networks / OpenVPN Site to Site - Clients can't reach openvpn
« on: February 18, 2024, 12:54:44 am »
Dear community

After intense reading in this forum and on other sites of the internet, I permit myself to create a new post.

My problem is the following:
I have a established VPN site to site connection. On the opnsense maschine (openvpn-client) I can ping everything on the openvpn-serverside. But from a random maschine on the client side no traffic goes throw the openvpn-tunnel.


My configuration is the folowing:

Network-diagramm (see attachment)

OpenVPN-Server-config
Code: [Select]
Server Mode: Peer to Peer (SSL/TSL)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network:192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked
Client Specific Overrides
Code: [Select]
IPv4 Remote Network: 192.168.0.0/24
OpenVPN-Client-config
Code: [Select]
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network:192.168.178.0/24
Clientside (192.168.0.3): Fiewall: Rules: LAN
Code: [Select]
in   IPv4   LAN net   *   *    *   *   *

Clientside (192.168.0.3): Fiewall: Rules: OpenVPN
Code: [Select]
in   IPv4   *   *   *    *   *   *
out   IPv4   *    *   *    *   *    *
VPN: OpenVPN: Connection Status
Code: [Select]
client s2s_BW02-LS50 *.*.*.* 172.31.5.2 2024-02-17 23:25:13 248.13 KB 227.71 KB connected

System: Routes: Status on opnsense Openvpn-Client
Code: [Select]
...
ipv4 default 192.168.0.1 UGS NaN 1500 vtnet0 lan
ipv4 127.0.0.1 link#2 UH NaN 16384 lo0 Loopback
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpnc1
ipv4 172.31.5.2 link#7 UHS NaN 16384 lo0 Loopback
ipv4 192.168.0.0/24 link#1 U NaN 1500 vtnet0 lan
ipv4 192.168.0.3 link#1 UHS NaN 16384 lo0 Loopback
ipv4 192.168.178.0/24 172.31.5.1 UGS NaN 1500 ovpnc1


More detailed problem description:
on a random server/computer on the clientside (192.168.0.0/24) I am unable to access the serverside network (192.168.178.0/24).

Here a traceroute:
Code: [Select]
1     1 ms     1 ms     1 ms  gw [192.168.0.1]
  2     4 ms     6 ms     6 ms  fw.intra.brue.ch [192.168.0.3]
  3     *        *        *     Zeitüberschreitung der Anforderung.
  4     *        *        *     Zeitüberschreitung der Anforderung.
  5     *        *        *     Zeitüberschreitung der Anforderung.
But from the opnsense Openvpn-Client (192.168.0.3), I can ping everything on the serverside:
Code: [Select]
Description              Hostname Source Send Received Min Max Avg loss
192.168.0.202 27 27 0.291 6.681 0.916 0.00 %
192.168.178.1 29 29 23.501 33.995 26.449 0.00 %
172.31.5.1 29 29 22.345 30.46 25.602 0.00 %
172.31.5.2 29 29 0.182 1.536 0.528 0.00 %


Btw:
The hole configuration worked befor. Then a certificate (or more precisely the CA) runs out of date. The onlything I changed:
  • Createt new CA
  • Createt new Combined Client/Server Certificate (was not nessesary in the old config)
  • Changed the CA and certificates in the openvpn server and client config.
I've no clue, why the hole thing now doesn't work.
really appreciate your help!

2
Virtual private networks / Re: [SOLVED] OpenVPN Site to Site - Can't reach client network from server network
« on: October 01, 2022, 07:06:54 pm »
In the end, there was a firewall-rule missing.
On the client-side, on the OpenVPN-interface must be an any:any rule in both directions.

3
Virtual private networks / [SOLVED] OpenVPN Site to Site - Can't reach client network from server network
« on: May 20, 2022, 02:27:18 pm »
Dear community

After intense reading in this forum and on other sites of the internet, I permit myself to create a new post.

My problem is the following:
I am able to reach server side IPs from the client side but cannot reach client side IPs from the server side.
And to make it a bit more strange:
- from the opnsense-firewall on the server side, I can reach clients in the client-network.
- from a client on the server side, I can traceroute to clients in the client-network, but cannot ping them.


My configuration is the following:

Network-diagramm (see attachment)

OpenVPN-Server-config
Code: [Select]
Server Mode: Peer to Peer (SSL/TSL)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network:192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked

Client Specific Overrides
Code: [Select]
IPv4 Remote Network: 192.168.0.0/24

OpenVPN-Client-config
Code: [Select]
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network:192.168.178.0/24

For the Connection status: see attachment


Routing-Table on Server B:
Code: [Select]
Kernel IP routing table
Destination    Gateway        Genmask          Flags Metric Ref    Use   Iface
default        192.168.178.1   0.0.0.0         UG    0      0      0     ovs_eth0
192.168.0.0    192.168.178.3   255.255.255.0   UG    0      0      0     ovs_eth0

More detailed problem description:
- From Server A on the Client-side I can access everything on the Server-side. (e.g. backup on Server B)
- From OpenVPN Server (Server-side) I can ping/traceroute Server A
- From Server B on the Server-side I cannot access Server A (can traceroute, but ping is not working)(see code below)
Code: [Select]
traceroute to 192.168.0.202 (192.168.0.202), 30 hops max, 60 byte packets
 1  192.168.178.3 (192.168.178.3)  3.392 ms  3.366 ms  3.319 ms
 2  172.31.5.2 (172.31.5.2)  37.018 ms  36.991 ms  36.955 ms
 3  192.168.0.202 (192.168.0.202)  36.942 ms  36.910 ms  40.132 ms

PING 192.168.0.202 (192.168.0.202) 56(84) bytes of data.
^C
--- 192.168.0.202 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 1003ms


I am out off ideas, and very grateful for any solutions!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2