Messages - abrue

#1
Dear community

After intense reading in this forum and on other sites of the internet, I permit myself to create a new post.

My problem is the following:
I have an established VPN site-to-site connection. On the OPNsense machine (OpenVPN client) I can ping everything on the OpenVPN server side. But from a random machine on the client side no traffic goes through the OpenVPN tunnel.


My configuration is the following:

Network diagram (see attachment)

OpenVPN-Server-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network: 192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked


Client Specific Overrides
IPv4 Remote Network: 192.168.0.0/24

OpenVPN-Client-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network: 192.168.178.0/24


Client side (192.168.0.3): Firewall: Rules: LAN
in   IPv4   LAN net   *   *    *   *   *


Client side (192.168.0.3): Firewall: Rules: OpenVPN
in   IPv4   *   *   *    *   *   *
out   IPv4   *    *   *    *   *    *


VPN: OpenVPN: Connection Status
client s2s_BW02-LS50 *.*.*.* 172.31.5.2 2024-02-17 23:25:13 248.13 KB 227.71 KB connected


System: Routes: Status on the OPNsense OpenVPN client

...
ipv4 default 192.168.0.1 UGS NaN 1500 vtnet0 lan
ipv4 127.0.0.1 link#2 UH NaN 16384 lo0 Loopback
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpnc1
ipv4 172.31.5.2 link#7 UHS NaN 16384 lo0 Loopback
ipv4 192.168.0.0/24 link#1 U NaN 1500 vtnet0 lan
ipv4 192.168.0.3 link#1 UHS NaN 16384 lo0 Loopback
ipv4 192.168.178.0/24 172.31.5.1 UGS NaN 1500 ovpnc1



More detailed problem description:
On a random server/computer on the client side (192.168.0.0/24) I am unable to access the server-side network (192.168.178.0/24).

Here is a traceroute:
  1     1 ms     1 ms     1 ms  gw [192.168.0.1]
  2     4 ms     6 ms     6 ms  fw.intra.brue.ch [192.168.0.3]
  3     *        *        *     Zeitüberschreitung der Anforderung.
  4     *        *        *     Zeitüberschreitung der Anforderung.
  5     *        *        *     Zeitüberschreitung der Anforderung.


But from the OPNsense OpenVPN client (192.168.0.3), I can ping everything on the server side:

Description              Hostname Source Send Received Min Max Avg loss
192.168.0.202 27 27 0.291 6.681 0.916 0.00 %
192.168.178.1 29 29 23.501 33.995 26.449 0.00 %
172.31.5.1 29 29 22.345 30.46 25.602 0.00 %
172.31.5.2 29 29 0.182 1.536 0.528 0.00 %




Btw:
The whole configuration worked before. Then a certificate (or more precisely the CA) ran out of date. The only thing I changed:

  • Created a new CA
  • Created a new combined client/server certificate (was not necessary in the old config)
  • Changed the CA and certificates in the OpenVPN server and client config.
I've no clue why the whole thing now doesn't work.
I really appreciate your help!
#2
In the end, there was a firewall rule missing.
On the client side, on the OpenVPN interface, there must be an any:any rule in both directions.
#3
Dear community

After intense reading in this forum and on other sites of the internet, I permit myself to create a new post.

My problem is the following:
I am able to reach server-side IPs from the client side but cannot reach client-side IPs from the server side.
And to make it a bit more strange:
- from the OPNsense firewall on the server side, I can reach clients in the client network.
- from a client on the server side, I can traceroute to clients in the client network, but cannot ping them.


My configuration is the following:

Network diagram (see attachment)

OpenVPN-Server-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network: 192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked


Client Specific Overrides
IPv4 Remote Network: 192.168.0.0/24


OpenVPN-Client-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network: 192.168.178.0/24


For the connection status: see attachment


Routing-Table on Server B:
Kernel IP routing table
Destination    Gateway        Genmask          Flags Metric Ref    Use   Iface
default        192.168.178.1   0.0.0.0         UG    0      0      0     ovs_eth0
192.168.0.0    192.168.178.3   255.255.255.0   UG    0      0      0     ovs_eth0



More detailed problem description:
- From Server A on the client side I can access everything on the server side (e.g. backup on Server B).
- From the OpenVPN server (server side) I can ping/traceroute Server A.
- From Server B on the server side I cannot access Server A (traceroute works, but ping does not) (see output below):
traceroute to 192.168.0.202 (192.168.0.202), 30 hops max, 60 byte packets
1  192.168.178.3 (192.168.178.3)  3.392 ms  3.366 ms  3.319 ms
2  172.31.5.2 (172.31.5.2)  37.018 ms  36.991 ms  36.955 ms
3  192.168.0.202 (192.168.0.202)  36.942 ms  36.910 ms  40.132 ms

PING 192.168.0.202 (192.168.0.202) 56(84) bytes of data.
^C
--- 192.168.0.202 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 1003ms



I am out of ideas, and very grateful for any solutions!
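The two threads above (post #1/#2 and post #3) share the same two ingredients: which next hop each box picks for a destination, and whether the OPNsense interface the packet enters has a rule that lets it in. The script below is an added example, not code from the posts or from OPNsense. It parses the two route tables exactly as they were pasted (the OPNsense "System: Routes: Status" lines and Server B's Linux "Kernel IP routing table"), resolves next hops by longest-prefix match, and models each OPNsense interface's rule list as default-deny with the "LAN net → any" rule from post #1 and, optionally, the any:any rules from post #2. The firewall model is a deliberate simplification: it evaluates rules only on the interface where a packet enters and ignores state tracking, so it does not reproduce every symptom in post #1; what it does show is that a flow initiated from the server side arrives on the client firewall's tunnel interface (ovpnc1) and is dropped there unless the OpenVPN interface has its own rule, which is the situation post #3 describes. The mapping of vtnet0 to "lan" and ovpnc1 to "openvpn", and the reading of "LAN net" as 192.168.0.0/24, are assumptions taken from the posted configuration.

```python
"""Added example (not from the forum posts): route lookup plus a simplified,
stateless, ingress-only model of OPNsense per-interface firewall rules."""
import ipaddress

# Route table of the OPNsense OpenVPN client, copied verbatim from post #1.
OPNSENSE_ROUTES = """\
ipv4 default 192.168.0.1 UGS NaN 1500 vtnet0 lan
ipv4 127.0.0.1 link#2 UH NaN 16384 lo0 Loopback
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpnc1
ipv4 172.31.5.2 link#7 UHS NaN 16384 lo0 Loopback
ipv4 192.168.0.0/24 link#1 U NaN 1500 vtnet0 lan
ipv4 192.168.0.3 link#1 UHS NaN 16384 lo0 Loopback
ipv4 192.168.178.0/24 172.31.5.1 UGS NaN 1500 ovpnc1
"""

# Linux routing table of Server B, copied verbatim from post #3.
LINUX_ROUTES = """\
Kernel IP routing table
Destination    Gateway        Genmask          Flags Metric Ref    Use   Iface
default        192.168.178.1   0.0.0.0         UG    0      0      0     ovs_eth0
192.168.0.0    192.168.178.3   255.255.255.0   UG    0      0      0     ovs_eth0
"""

# Assumption: physical interface -> OPNsense rule tab it belongs to.
IFACE_GROUP = {"vtnet0": "lan", "ovpnc1": "openvpn"}

# Rules per tab as (direction, source, destination); '*' is a wildcard.
# An interface with no matching rule denies (OPNsense default for inbound).
RULES_BEFORE_FIX = {
    "lan": [("in", "192.168.0.0/24", "*")],  # "LAN net -> any" from post #1
    "openvpn": [],                            # no rule on the OpenVPN tab yet
}
RULES_AFTER_FIX = {
    "lan": [("in", "192.168.0.0/24", "*")],
    "openvpn": [("in", "*", "*"), ("out", "*", "*")],  # any:any, both ways (post #2)
}


def parse_opnsense(text):
    """Parse 'ipv4 <dest> <gateway|link#N> <flags> <use> <mtu> <iface> ...' lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "ipv4":
            continue
        dest = "0.0.0.0/0" if f[1] == "default" else f[1]
        gateway = None if f[2].startswith("link#") else f[2]  # link# = directly attached
        routes.append((ipaddress.ip_network(dest, strict=False), gateway, f[6]))
    return routes


def parse_linux(text):
    """Parse 'route -n' style lines: Destination Gateway Genmask ... Iface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] in ("Kernel", "Destination"):
            continue  # skip the two header lines
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        gateway = None if f[1] == "0.0.0.0" else f[1]
        routes.append((ipaddress.ip_network(f"{dest}/{f[2]}", strict=False), gateway, f[7]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (gateway or None, interface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])


def _matches(pattern, ip):
    return pattern == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)


def permitted(rules, tab, direction, src, dst):
    """Default deny: True only if some rule on the tab matches the packet."""
    return any(d == direction and _matches(s, src) and _matches(t, dst)
               for d, s, t in rules.get(tab, []))


def forward(rules, routes, in_iface, src, dst):
    """Apply the ingress rule check, then route. Returns next hop or None (dropped)."""
    if not permitted(rules, IFACE_GROUP[in_iface], "in", src, dst):
        return None
    return lookup(routes, dst)


def check_site_to_site(rules):
    """Client-initiated flow (enters on LAN) vs. server-initiated flow (enters on tunnel)."""
    routes = parse_opnsense(OPNSENSE_ROUTES)
    client_to_server = forward(rules, routes, "vtnet0", "192.168.0.202", "192.168.178.1")
    server_to_client = forward(rules, routes, "ovpnc1", "192.168.178.1", "192.168.0.202")
    return client_to_server, server_to_client


def server_b_next_hop(dst="192.168.0.202"):
    """Where Server B sends traffic for the client network (hop 1 of its traceroute)."""
    return lookup(parse_linux(LINUX_ROUTES), dst)


if __name__ == "__main__":
    print("Server B next hop:", server_b_next_hop())
    print("before fix:", check_site_to_site(RULES_BEFORE_FIX))
    print("after fix: ", check_site_to_site(RULES_AFTER_FIX))
```

Running it shows Server B handing 192.168.0.202 to 192.168.178.3 on ovs_eth0, matching the first hop of the traceroute in post #3; the OPNsense client sends 192.168.178.x to 172.31.5.1 over ovpnc1 and everything else to the default gateway. With the empty OpenVPN tab the server-initiated packet entering on ovpnc1 is dropped, and with the any:any rules it is routed on to vtnet0. The model says nothing about why ICMP echo fails while traceroute succeeds in post #3; that difference has to be looked up in the live firewall log and on the target host.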