Radius Authentication over IPSec VPN

Started by Slacky85, January 29, 2019, 12:19:44 PM

Hello,

I'm facing a problem with access authentication via a remote RADIUS server reachable over an IPsec VPN between OPNsense and another firewall in a different location. Basically I have the same problem for the internal DNS and NTP as well, but one problem at a time.
What I can see is that OPNsense sends the authentication request with its WAN IP address, so there is no rule to the remote host, and even if I add it, of course there is no route for the traffic to come back over the tunnel.
I made several searches but really don't know how I can change this behaviour, which seems to be the default one. Any idea?

Thanks

Sounds like a general connectivity issue. Make sure there are no firewalls (network or host) to block the traffic and that there are routes in place at both ends.

Bart...

No connectivity issue, the VPN is up and all the traffic passes without problem.
I just need to make OPNsense present itself with the LAN IP address instead of the WAN one when it sends RADIUS authentication to the RADIUS server that is reachable only through one of the IPsec VPNs.
|--LAN--OPNSense|-----IPSEC-VPN----|SITE_B_FIREWALL--RADIUS_Server|

What I can see from the log is that OPNsense sends the request with its own WAN address, so it can't work. No idea if I'm missing some settings or if there is a trick to modify this.

Thanks