Virtual private networks / How to access client behind site connected to OVPN/OPNSense from other client?
« on: June 21, 2024, 11:53:35 am »
Hello forum,
I'm in the process of migrating from my NetBSD router with PF and OpenVPN server to OPNsense. Everything went smoothly with some tweaks here and there. I have successfully imported my certificates and recreated the config in an OpenVPN Instance and also the ccd/ settings, and basically all things are working but one. Here is the setup, and I will explain my problem after that:
OpnSense address: 10.1.78.1
OpenVPN address: 10.66.77.1
Site A network: 10.1.78.0/24
Site B network: 10.2.78.0/24
Site C network: 10.3.78.0/24
VPN network 10.66.77.0/24
There are clients in network A, B, C.
All traffic is possible between clients in: A-B, A-C, B-A, B-C, C-A, C-B.
The only thing that isn't working (and was working in the original config) is when I connect with my phone. The phone is getting an address, e.g. 10.66.77.5, and I can easily access anything in network A, e.g. 10.1.78.5.
However, accessing anything in site B or C is impossible.
I tried looking in the logs in the GUI: no traffic logged from 10.66.77.5 when reaching anything in B or C.
Tried tcpdump on OPNsense itself on the ovpns1 interface: no traffic logged from 10.66.77 to e.g. 10.3.78.6.
Tried adding NAT on the LAN and OpenVPN networks.
For the OpenVPN interface there is a rule allow any:any.
On the router/client on, let's say, site C there is a proper route for the 10.66.77.0/24 network pushed from the server (as well as routes to sites A and B, whose traffic works in any direction):
u-SYS-fw01$ route show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 10.208.166.1 UGS - - - xennet0
10.1.78/24 10.66.77.1 UGS - - - tun0
10.2.78/24 10.66.77.1 UGS - - - tun0
10.3.78/24 link#2 UC - - - xennet1
10.3.78.254 link#2 UHl - - - lo0
10.66.77/24 10.66.77.1 UGS - - - tun0
10.66.77.1 10.66.77.4 UH - - - tun0
10.66.77.4 tun0 UHl - - - lo0
10.208.166/24 link#1 UC - - - xennet0
10.208.166.10 link#1 UHl - - - lo0
127/8 localhost UGRS - - 33624 lo0
localhost lo0 UHl - - 33624 lo0
I'm out of ideas right now
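The post above quotes the NetBSD `route show` table from the site C router, which shows the return path for the VPN subnet. The following added example, not from the poster or from the OPNsense project, parses that exact output and performs a longest-prefix lookup the way the kernel forwards, so you can confirm programmatically which destinations (the road-warrior address 10.66.77.5, a site A host, a site C host) would leave site C's router over tun0 towards the OpenVPN gateway 10.66.77.1. It only covers the side of the path that this output can show; the phone's own routing table is not in the post, so the forward direction from the phone towards sites B and C cannot be checked from this data. The only assumptions are the helper names, which are mine.

```python
import ipaddress
from dataclasses import dataclass

# Route table as printed by NetBSD `route show`, copied from the post above.
SAMPLE_ROUTE_SHOW = """\
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 10.208.166.1 UGS - - - xennet0
10.1.78/24 10.66.77.1 UGS - - - tun0
10.2.78/24 10.66.77.1 UGS - - - tun0
10.3.78/24 link#2 UC - - - xennet1
10.3.78.254 link#2 UHl - - - lo0
10.66.77/24 10.66.77.1 UGS - - - tun0
10.66.77.1 10.66.77.4 UH - - - tun0
10.66.77.4 tun0 UHl - - - lo0
10.208.166/24 link#1 UC - - - xennet0
10.208.166.10 link#1 UHl - - - lo0
127/8 localhost UGRS - - 33624 lo0
localhost lo0 UHl - - 33624 lo0
"""


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    gateway: str
    flags: str
    iface: str


def expand_bsd_prefix(text):
    """BSD prints abbreviated prefixes ('10.1.78/24', '127/8'); pad them to
    four octets so the ipaddress module accepts them. Returns None for
    non-numeric destinations such as 'localhost'."""
    if text == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    if not all(o.isdigit() for o in octets):
        return None
    octets += ["0"] * (4 - len(octets))
    # A bare host entry (no '/') is a /32 host route.
    return ipaddress.IPv4Network(".".join(octets) + "/" + (plen or "32"), strict=False)


def parse_route_show(output):
    """Parse the 7-column Internet section of NetBSD `route show`."""
    routes = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "Destination":
            continue  # section headers and the column header line
        dest = expand_bsd_prefix(fields[0])
        if dest is None:
            continue
        routes.append(Route(dest, fields[1], fields[2], fields[6]))
    return routes


def lookup(routes, ip):
    """Longest-prefix match, the same selection the kernel makes when forwarding."""
    ip = ipaddress.IPv4Address(ip)
    matches = [r for r in routes if ip in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen, default=None)


def check_vpn_reachability(routes, targets, vpn_gateway, vpn_iface):
    """For each target address, True if the chosen route goes to the VPN
    gateway over the tunnel interface, False otherwise (local LAN, default
    route, or no route at all)."""
    result = {}
    for t in targets:
        r = lookup(routes, t)
        result[t] = r is not None and r.gateway == vpn_gateway and r.iface == vpn_iface
    return result


if __name__ == "__main__":
    table = parse_route_show(SAMPLE_ROUTE_SHOW)
    for target, via_vpn in check_vpn_reachability(
        table, ["10.66.77.5", "10.1.78.5", "10.3.78.6"], "10.66.77.1", "tun0"
    ).items():
        route = lookup(table, target)
        print(f"{target:12} -> {route.dest} via {route.gateway} on {route.iface}"
              f" ({'VPN' if via_vpn else 'not VPN'})")
```

Run it as-is to see that 10.66.77.5 and 10.1.78.5 are sent to 10.66.77.1 on tun0 while 10.3.78.6 is delivered directly on xennet1, which is what the post's table says; feed it the output of `route show` from the other site routers to compare them the same way.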