Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
Routing Help
« previous
next »
Print
Pages: [
1
]
Author
Topic: Routing Help (Read 9588 times)
Andreas
Sr. Member
Posts: 272
Karma: 9
Routing Help
«
on:
October 23, 2015, 12:08:09 pm »
Hi,
my Situation
Client (192.168.100.183) <-Ipsec-> OPNSense 192.168.252.96 (192.168.252.0/22) <-IPSec-> Fritz Box (10.40.1.0/24)
The Client 192.168.100.183 got just the Route 192.168.252.0./22 over IPSec. Nothing else can be configured -
My Problem is now - i wanna access the Client from the 10.40.1.0 /24 Net or other Net e.g. from OPENVPN Clients connected to the OPNSense FW...
Is there a way to do that?
Thx
Andreas
Logged
lucifercipher
Jr. Member
Posts: 55
Karma: 9
Re: Routing Help
«
Reply #1 on:
October 23, 2015, 05:59:57 pm »
Hi,
Did you add an allow rule for the firewall and also allowed private networks to access ?
Logged
Andreas
Sr. Member
Posts: 272
Karma: 9
Re: Routing Help
«
Reply #2 on:
October 23, 2015, 08:33:33 pm »
Yes,
the firewall is open and all is allowed
Logged
lucifercipher
Jr. Member
Posts: 55
Karma: 9
Re: Routing Help
«
Reply #3 on:
October 23, 2015, 10:33:14 pm »
Quote from: avengineering on October 23, 2015, 08:33:33 pm
Yes,
the firewall is open and all is allowed
Ok. Thank you. Just for a small test, can you disable all types of SPI / firewall on your Fritzbox too? Or perhaps add your client IP 10.40.1.x/32 as a DMZ host on Fritz?
Just trying to give options here.
Logged
Andreas
Sr. Member
Posts: 272
Karma: 9
Re: Routing Help
«
Reply #4 on:
October 24, 2015, 08:03:34 am »
I think its more a Routing problem then a Firewall Problem.
Tracing the Clients shows that the Fritz Box doesnt know the way to sent the packages and i think the client
192.168.100.183 even has no routing to the 10.40.1.0/24 net
Logged
Andreas
Sr. Member
Posts: 272
Karma: 9
Re: Routing Help
«
Reply #5 on:
October 24, 2015, 09:32:21 pm »
Hi,
can someone pls explain what to configure for
NAT/BINAT Options in the IPSec Configuration.
I Think this would solve my problems... if i can configure it right
its like this picture shows
http://www.cisco.com/c/dam/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping00.gif
acutally i get in the log
Oct 24 22:18:42 charon: 14[CFG] received stroke: route 'con3'
Oct 24 22:18:42 charon: 10[CFG] added configuration 'con3'
i tried to nat the IP 192.168.100.183 to the 192.168.250.183 in the config to the Fritz Box (second phase entries added)
what i did in the ipsec configuration to the 192.168.100.183 client you can lookup in the attachment
Thx.
«
Last Edit: October 24, 2015, 10:53:40 pm by avengineering
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
Routing Help