Topics - EBG

1
23.1 Legacy Series / Azure OpnSense S2S VPN not passing traffic to Azure LAN
« on: June 13, 2023, 11:06:19 pm »
I am running an Azure Virtual OPNsense instance.

I have set up a site-to-site IP tunnel (policy-based) using these instructions:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html

The tunnel is up and passing traffic from Site A (office) to Site B (Azure).
From Site B, I can connect to everything on Site A.
From Site A, the ONLY thing I can talk to on Site B is the OPNsense instance.

From my computer on Site A, I ping something on Site B and see it in the logs as passing through:
--- --- ---   icmp   let out anything from firewall host itself

so the OPNsense firewall doesn't seem to be the issue.

I then thought the issue might be the Azure VM firewalls, so I put in a rule to allow all ICMP. When I did that, I was able to ping Site A -> Internet -> Azure VM public address, but not Site A -> S2S -> OPNsense -> Azure VM private address.

I then read elsewhere in these forums to try turning on IP forwarding on the OPNsense VM, so I did that. No change.

Any idea why traffic from Site A -> S2S -> OPNsense doesn't get to the Azure LAN?

2
23.1 Legacy Series / Firewall Alias over OpenVPN
« on: February 16, 2023, 10:20:15 pm »
Hello, I am trying to prohibit certain traffic from specific computer(s) coming in via OpenVPN.

Under Firewall -> Aliases, I created an alias for computer X, type MAC address, content [the MAC address].
Under Firewall -> Rules, I created a rule to block all traffic from X over OpenVPN.

This doesn't work at all; I can't find a way to use aliases for OpenVPN clients. I've tried the MAC address in upper and lower case, tried putting the rule on inbound and outbound, and tried moving the rule to the LAN interface as opposed to the OpenVPN interface. I also attempted using the name (Aliases Type(s) = Host) with all of the permutations, and host doesn't want to work either.

Is there a way to prohibit traffic from certain OpenVPN clients?
