Messages - rafin

#2
First I could not get Client Specific Overrides to apply to Site-B, and I thought it was related to this issue: https://github.com/opnsense/core/issues/6915

After some tests I was able to apply Client Specific Overrides to Site-B by selecting [Username as CN] on the server side.
Next, from the client side (Site-B), I configured the username to match the CN.
Now I see that Client Specific Overrides have been applied and I see the following:
client    Site-A-VPN        172.17.1.1    192.168.9.10

However, when I ping from Site-A to 192.168.2.254 (Site-B) it is the same situation:
- no ping reply, no ping packets on Site-B


I have tried the following:

Instance configuration:
---
Role:            Server
Type:            TUN
Server (IPv4):      192.168.9.0/24
Local Network:     192.168.1.0/24
Remote Network:    192.168.2.0/24

Client Specific Overrides <-- Did not help
---
Tunnel Network:    192.168.9.0/24
Local Network:     192.168.2.0/24
Remote Network:    192.168.1.0/24

Client Specific Overrides <-- Did not help
---
Tunnel Network:    192.168.9.0/24
Local Network:     192.168.1.0/24
Remote Network:    192.168.2.0/24

Am I missing something here? Or maybe there is some bug I'm not aware of?
#3
Hi Guys

I'm trying to test a site-to-site VPN connection with OpenVPN in my Proxmox test lab.
Here is my network diagram: (see attached screenshot)

Here is the configuration:
=============================

Site-A
--------------------
WAN: 172.17.1.1/24
LAN: 192.168.1.254/24

Instance configuration:
---
Role:             Server
Type:             TUN
Server (IPv4):       192.168.9.0/24
Topology:          Subnet
Local Network:       192.168.1.0/24
Remote Network:    192.168.2.0/24

Client Specific Overrides
---
Tunnel Network:    192.168.9.0/24
Local Network:       192.168.1.0/24         
Remote Network:    192.168.2.0/24


Site-B
--------------------
WAN: 172.17.1.2/24
LAN: 192.168.2.254/24

Instance configuration:
---
Role:             Client
Type:             TUN
Local Network:       192.168.2.0/24
Remote Network:    192.168.1.0/24


VPN interfaces added and enabled in both sites
Firewall allows all traffic from any to any in both sites


The VPN is connected as follows, and there is no issue here:
---
Site-A (Server)
server   Site-A-VPN   UNDEF   172.17.1.2:34746   192.168.9.2

Site-B (Client)
client   Site-A-VPN          172.17.1.1         192.168.9.2


Problem:
=============================
I cannot reach network 192.168.2.0/24 (Site-B) from Site-A

Tests:
=============================
site-b:~ # ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=64 time=0.098 ms

site-b:~ # ping 192.168.1.254 <--(!) Site-A Network
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=1.397 ms

site-b:~ # netstat -nr
Destination        Gateway            Flags     Netif Expire
default            172.17.1.254       UGS      vtnet0
127.0.0.1          link#4             UH          lo0
172.17.1.0/24      link#1             U        vtnet0
172.17.1.2         link#4             UHS         lo0
192.168.1.0/24     192.168.9.1        UGS      ovpnc1
192.168.2.0/24     link#2             U        vtnet1
192.168.2.254      link#4             UHS         lo0
192.168.9.0/24     link#8             U        ovpnc1
192.168.9.2        link#4             UHS         lo0


site-a:~ # ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=0.110 ms

site-a:~ # ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes  <--(!) Site-B network: no response, cannot access it

site-a:~ # netstat -nr
Destination        Gateway            Flags     Netif Expire
default            172.17.1.254       UGS      vtnet0
127.0.0.1          link#4             UH          lo0
172.17.1.0/24      link#1             U        vtnet0
172.17.1.1         link#4             UHS         lo0
192.168.1.0/24     link#2             U        vtnet1
192.168.1.254      link#4             UHS         lo0
192.168.2.0/24     192.168.9.2        UGS      ovpns1
192.168.9.0/24     link#8             U        ovpns1
192.168.9.1        link#4             UHS         lo0


I have tested a number of variants, including:
Topology: p2p, net30  <-- the same problem
Different combinations of Local Network and Remote Network, but the problem is still the same
With and without Client Specific Overrides on the server side, no difference.
When I packet capture on the OPNsense at Site-B I do not receive any ICMP packets, but on the OPNsense at Site-A I see packets entering the VPN tunnel:
tcpdump -i ovpns1
22:02:20.007977 IP 192.168.9.1 > 192.168.2.254: ICMP echo request, id 19519, seq 0, length 64
22:02:21.015715 IP 192.168.9.1 > 192.168.2.254: ICMP echo request, id 19519, seq 1, length 64

I'm pretty sure this is a simple fix, but I'm unable to figure it out.
Can anyone help me with this?

Thanks,
Raf
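The symptom in both posts (the echo request is visible on Site-A's ovpns1 but never arrives at Site-B, while Site-B to Site-A works) is the classic server-side routing gap in a TUN server: the kernel route `192.168.2.0/24 via 192.168.9.2 ovpns1` only hands the packet to the OpenVPN daemon, and the daemon then has to decide which connected client owns 192.168.2.254 from its own internal table, which is populated from `iroute` entries (what OPNsense generates from a Client Specific Override). That override is matched on the client's common name as the server sees it, which is why the override in post #2 only took effect once "Username as CN" and the username lined up, and why the `UNDEF` in the common-name column of the server status line in post #3 matters. The toy model below is an added example, not OPNsense or OpenVPN code and not something the poster ran; the class and function names, the client common name `site-b`, and the assumption that the override carries only Site-B's remote network are all mine. The addresses and the captured echo request are taken from the post.

```python
"""Toy model of the OpenVPN server daemon's internal client-routing table.

Added example (not OPNsense/OpenVPN code). The addresses come from the
forum post; the class/function names and the common name "site-b" are
assumptions for this illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Client:
    common_name: str
    virtual_ip: ipaddress.IPv4Address
    # Subnets behind this client, learned from a matching iroute
    # (OPNsense "Client Specific Override" -> remote network).
    iroutes: list = field(default_factory=list)


class ServerRoutingTable:
    """What the server daemon consults for every packet it reads from ovpnsN.

    The kernel route (192.168.2.0/24 via 192.168.9.2 on ovpns1) only gets the
    packet *into* the daemon. The daemon then has to pick the connected client
    that owns the destination; with no iroute it finds none and discards the
    packet, so tcpdump on the server shows echo requests entering the tunnel
    while the client side never sees them.
    """

    def __init__(self, overrides):
        # overrides: {common_name: ["net/prefix", ...]}  (ccd / CSO entries)
        self.overrides = {
            cn: [ipaddress.ip_network(n) for n in nets]
            for cn, nets in overrides.items()
        }
        self.clients = []

    def connect(self, common_name, virtual_ip):
        """A client session comes up; an override applies only on exact CN match."""
        c = Client(common_name, ipaddress.ip_address(virtual_ip))
        c.iroutes = list(self.overrides.get(common_name, []))
        self.clients.append(c)
        return c

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        # 1. a client's own virtual address always matches
        for c in self.clients:
            if dst == c.virtual_ip:
                return c
        # 2. longest-prefix match over the iroutes of all connected clients
        best = None
        for c in self.clients:
            for net in c.iroutes:
                if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                    best = (c, net)
        return best[0] if best else None

    def from_tun(self, src, dst):
        """Packet read from the tun interface: ('deliver', cn) or ('drop', None)."""
        c = self.lookup(dst)
        return ("deliver", c.common_name) if c else ("drop", None)


# The echo request captured on Site-A's ovpns1 in the post.
PING = ("192.168.9.1", "192.168.2.254")


def site_a_forwards(override_cn, client_cn):
    """Site-A server with one override (or none) and Site-B connecting as client_cn."""
    overrides = {override_cn: ["192.168.2.0/24"]} if override_cn else {}
    table = ServerRoutingTable(overrides)
    table.connect(client_cn, "192.168.9.2")   # virtual address from the status line
    return table.from_tun(*PING)


if __name__ == "__main__":
    # No override: the daemon has no client to hand 192.168.2.254 to.
    print(site_a_forwards(None, "site-b"))
    # Override exists but is keyed on a name the client does not present
    # (the situation post #2 resolved with "Username as CN" + matching username).
    print(site_a_forwards("Site-B", "site-b"))
    # Override name equals the connecting CN: iroute applied, packet delivered.
    print(site_a_forwards("site-b", "site-b"))
```

The reverse direction never touches this table: a packet from Site-B for 192.168.1.254 arrives at the server, is written to ovpns1, and the kernel delivers it locally, which is why the ping from site-b succeeds in post #3. In practice the two checks are: compare the name shown in the server's status common-name column with the name of the override, and capture on Site-B's ovpnc1 (the interface in its routing table) to confirm whether the echo request ever leaves the server process.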