OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of echoxxzz »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - echoxxzz

Pages: [1]
1
Virtual private networks / Re: OpenVPN site to site two way communication
« on: December 17, 2023, 07:13:42 am »
OMG I finally got it working!!

I entered the certificate's Description not it's CN in the client specific override. Once I fixed this it all started working.

I'm still not used to subnet topology (all my configs use net30) so I will need to do some more reading to get my head around what exactly is going on here.

jaj1105 if you followed the example on the Opnsense documentation I am pretty certain you have the same problem. You need to either fix the CSO or create one if you didn't.

2
Virtual private networks / Re: OpenVPN site to site two way communication
« on: December 17, 2023, 06:07:29 am »
It's definitely something in the way OPNsense is creating the server vpn conf file because I copied my configs that I wrote by hand that I use on OpenWRT to each Opnsense server and it works perfectly and I can now ping devices in the client network from the server network.

3
Virtual private networks / Re: OpenVPN site to site two way communication
« on: December 17, 2023, 03:56:24 am »
I tried the advice of using the packet capture.

I logged into the server via SSH and tried to ping the client vpn's LAN interface. I see the icmp packet leaving the server on the ovpns1 interface but on the client vpn i never see it arrive on the ovpnc1 interface.

If I log into the client vpn firewall via SSH and I ping the server vpn LAN interface I see the icmp-request and icmp-reply packets on both firewalls.

Is something broken in OpenVPN????

4
Virtual private networks / Re: OpenVPN site to site two way communication
« on: December 17, 2023, 03:17:39 am »
I have the exact same problem.

I disabled the firewall packet inspection on both firewalls to rule out that it's a firewall rule and that didn't help.

If the client vpn can ping the server vpn lan interface the the routes have to be correct or else the server would not have the correct route to reply back to the client.

There is nothing in any firewall log or any log for that matter indicating why traffic going to the client site is being blocked.

I have never had an issue setting up OpenVPN site to site VPNs on other platforms but on those platforms I'm not locked into a GUI interface.


Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2