Messages

1

Virtual private networks / Re: OPENVPN Routing in a Site2Site Network

« on: December 01, 2021, 02:07:03 pm »

Hello,

the first thing i noticed is, that the remote network from your cisco router is not a valid private IP address.
The second octet "178" indicates a public IP adress range. Nevertheless a connection should work.

Here some hints from my side:

1) Did you add the 192.178.9.0/29 network to the IPv4 Local Networks for the VPN?
2) Did you create an accepting firewall rule for the VPN-Clients to the remote 192.178.9.0/29 network?
3) Maybe the packets from VPN-Clients are sent, but you don´t get a reply from the remote side, because the source IP from your VPN is 10.0.8.0/24 and the remote side has no backroute set. Control via packet capture and create an outbound NAT rule for your VPN, if this is the problem.
4) Did you try to ping the remote side directly from OPNsense interface? Interfaces -> Diagnostics -> Ping

2

Virtual private networks / OpenVPN - Client Specific Overrides - Routes not applied

« on: November 26, 2021, 12:05:26 am »

Hello together,

I´ve created a SSL-Remote-Access-VPN-Server with the following important settings:

Server Mode: Remote Access SSL/TLS + User Auth
Local port: 1194 UDP
IPv4 Tunnel Network: 172.20.20.0/24
IPv4 Local Network: 192.168.1.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24
Force CSO Login Matching: true

The client specific override applies to my personal ldap user "prename.lastname" with this settings:

Servers: Remote Access VPN (see above)
IPv4 Tunnel Network: 172.20.22.0/24
Redirect Gateway: true
Server Definitions: true
DNS Default Domain: lastname.local
DNS Servers: 192.168.3.4

Firewall Rules are ANY - ANY on every interface (WAN, OVPN) for debugging cases.

If I join the default vpn server network with my OpenVPN Client I get the following ipconfig:

IPv4 network: 172.20.20.0/24
IPv4 address: 172.20.20.2/32
Gateway: 172.20.20.1/32

Route entries for all IPs above are automatically applied to the routing table. Traffic flow is fine.

If I join with my personal account to the 172.20.22.0/24 network settings are as follows:

IPv4 network: 172.20.22.0/24
IPv4 address: 172.20.22.2/32
Gateway: 172.20.22.1/32

No routes for 172.20.22.0/24 or 172.20.22.1/32 or 172.20.22.2/32 are added to the routing table.
If I send a icmp ping from within the vpn network to eg. 8.8.8.8, reply packets from 8.8.8.8 come back to WAN interface, but get routed to the default gateway and not out of the ovpn interface.

I tried to manually assign Virtual IP Aliases to the ovpn interface, but this did not fix the issue.
Seems like a bug for me. Maybe I´m doing something wrong.

Could you please support me?

Thanks!