Topics - lotusje

#1
Hello all.

Another question. I have an ipsec road warrior setup in which I want the ipsec traffic routed out via the vpnv4 (openvpn) gateway instead of the standard gateway WAN.

How do I go about achieving this?

I have tried to change the default rule under ipsec to reflect the vpnv4 gateway as opposed to standard gateway but after that no internet traffic flows through the ipsec tunnel anymore.

I also tried creating a rule for 11.11.0.0/24 with vpnv4 as a gateway. Neither in LAN nor IPSEC tabs did this work. It just stops traffic from going through the tunnel again.

Any input or ideas would be greatly appreciated.

Greets,

lotusje

#2
Hello all.
I might have found an issue with opnsense as openvpn client.

In my setup opnsense connects to a vpn server and a handful of clients use this connection as per firewall rules.

The problem is when I boot/reboot the system it connects to the vpn. The connection is visible in the dashboard as well as when verifying via the openvpn connection status tab. However despite this, none of the clients that are supposed to use the vpn tunnel reach the internet. Just local ip's.

The way I found to remedy this is by simply restarting the vpn client via the openvpn connection status tab.

Is this normal behaviour? Is it a bug? Or am I missing something?

Any input would be appreciated.

Greets,

lotusje

#3
Hello all.

After following the howto and some other threads I managed to get my iphone to connect to the ipsec server however no data goes through the tunnel. No WAN or LAN connection.

If I check the connection info on the iphone it shows a correct ip address (10.0.0.1), however the server ip address is stated as being my WAN ip of 84.x.x.x instead of the firewall ip (in my case 192.168.5.1).

I assume it's because of this no data goes through. Any idea why it is showing the wrong address for the firewall and more importantly, how to fix it?

Thanks in advance,

lotusje

#4
Salutations to all.
I have an A10 router with opnsense, on which I am trying to achieve the following:

1) set the 2 other ports on the router as switch (which apparently worked).
2) configure an openvpn connection as client for 5 specific ip's.

At the end of step 2 is where I seem to run into problems.
As a guide for this step I used the excellently written instructions from Peter Wretmo on his blog.
However in his example he uses multiple subnets which I don't.

I am trying to have all LAN clients go through the WAN and just have 5 ip's routed via VPN.

After the last step "Route outgoing traffic through the VPN interface" - "Create firewall rules" (in my case; creating the 5 firewall rules for LAN and placing below the anti lockout rule), all clients connect through the VPN instead of WAN.
The exact opposite of what I want and expected.
However they do see local machines even those connected via the OPT3/switch, so my switch seems to work.

To make matters even stranger the 5 ip's I made a firewall rule for to go through the VPN, don't connect to anything at all except the firewall which here is on 192.168.5.1.
Even other devices connected via the OPT3 switch on the same subnet are not visible.

So the link is up and working but the issue seems to be with the firewall rules or maybe a routing issue?
How is it that the "default allow LAN to any rule" results in going out over the VPN instead of the default route which in my setup is WAN?
How is it that the 5 exception rules which have as gateway the VPNV4, don't see anything except for the firewall?
Changing default gateway to VPN and back to WAN makes no difference. No matter what you select traffic goes out via VPN.

Any help, ideas or input would be greatly appreciated.

Thanks,

lotusje