Topic: OpenVPN routing with Site to Site not working (Read 1895 times)
klamath
on: August 17, 2021, 03:58:23 pm
I am trying to set up a site to site VPN. I created a new VLAN and gateway on the remote VPN since the inside networks are overlapping.
The connection establishes, and I can ping the remote VPN host from the OPNsense firewall; however, I cannot connect from the "Inside" VLAN.
I am not sure if the return traffic is hairpinning back to the local LAN and not back out the OpenVPN interface.
Side A (Client):
LAN: 192.168.1.0/24
Tunnel: 10.80.80.0/24
Remote Network: 10.81.81.0/24
Note: I am using Gateway groups, HA WAN
Side B (Server)
LAN: 192.168.1.0/24 (not used)
Vlan99: 10.81.81.0/24 (used for VPN)
Tunnel: 10.80.80.0/24
Local Network: 10.81.81.0/24 (Vlan99)
Ping From firewall to remote host:
root@cerberus:~ # ping 10.81.81.10
PING 10.81.81.10 (10.81.81.10): 56 data bytes
64 bytes from 10.81.81.10: icmp_seq=0 ttl=63 time=81.705 ms
64 bytes from 10.81.81.10: icmp_seq=1 ttl=63 time=72.062 ms
SSH/WEB from Side A to Side B:
2021-08-16T19:49:16 filterlog[17007] 116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,58012,22,0,S,256715406,,29200,,mss;sackOK;TS;nop;wscale
2021-08-16T19:49:12 filterlog[17007] 116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,127,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,51943,443,0,S,749930554,,64240,,mss;nop;nop;sackOK
2021-08-16T19:49:12 filterlog[17007] 116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,127,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,50996,443,0,S,313488011,,64240,,mss;nop;nop;sackOK
SSH/WEB from Side B to Side A (return traffic)
2021-08-17T00:48:43 filterlog[27813] 77,,,0,em0_vlan99,match,pass,out,4,0x0,,126,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,59967,443,0,S,1496152610,,64240,,mss;nop;nop;sackOK,fae559338f65e11c53669fc3642c93c2
2021-08-17T00:47:39 filterlog[27813] 77,,,0,em0_vlan99,match,pass,out,4,0x0,,62,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,57662,22,0,S,1969582485,,29200,,mss;sackOK;TS;nop;wscale,fae559338f65e11c53669fc3642c93c2
2021-08-17T00:46:33 filterlog[27813] 77,,,0,em0_vlan99,match,pass,out,4,0x0,,62,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,57662,22,0,S,1969582485,,29200,,mss;sackOK;TS;nop;wscale,fae559338f65e11c53669fc3642c93c2
Rules:
Side A:
Inside:
IPv4 * * * 10.81.81.0/24 * *
OpenVPN
IPv4 * * * 10.81.81.0/24 * * *
Side B:
Vlan99:
IPv4 * * * * * * *
OpenVPN:
IPv4 * * * * * * *
I haven't had a chance to run a remote tcpdump. I did run it last night on side A and can see the VPN traffic flow out, but I don't think I'm seeing return traffic hit:
00:00:00.126673 rule 116/0(match): pass out on ovpnc4: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.19.42478 > 10.81.81.10.22: Flags
, cksum 0x6481 (correct), seq 4135526895, win 29200, options [mss 1420,sackOK,TS val 3650534517 ecr 0,nop,wscale 7], length 0
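An added example, not part of the original post: it parses the Side B filterlog lines quoted above and flags flows whose source address lies inside a network directly connected to Side B, the condition behind the poster's suspicion that return traffic goes to the local LAN rather than back through the tunnel. Field positions follow the IPv4 TCP layout visible in the posted lines; the function names and the connected-network table are assumptions built from the post's own addressing.

```python
import ipaddress

# Constructed sample: two lines copied from the Side B log in the post,
# with the timestamp and "filterlog[pid]" prefix kept as posted.
SIDE_B_LOG = """\
2021-08-17T00:48:43 filterlog[27813] 77,,,0,em0_vlan99,match,pass,out,4,0x0,,126,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,59967,443,0,S,1496152610,,64240,,mss;nop;nop;sackOK,fae559338f65e11c53669fc3642c93c2
2021-08-17T00:47:39 filterlog[27813] 77,,,0,em0_vlan99,match,pass,out,4,0x0,,62,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,57662,22,0,S,1969582485,,29200,,mss;sackOK;TS;nop;wscale,fae559338f65e11c53669fc3642c93c2
"""

# Networks directly connected on Side B, as listed in the post (assumed table).
SIDE_B_CONNECTED = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "Vlan99": ipaddress.ip_network("10.81.81.0/24"),
}

def parse_filterlog(line):
    """Return the IPv4 TCP/UDP fields of one filterlog line, or None."""
    payload = line.split("] ", 1)[-1]  # drop timestamp and "filterlog[pid]"
    f = payload.split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": ipaddress.ip_address(f[18]), "dst": ipaddress.ip_address(f[19]),
            "sport": int(f[20]), "dport": int(f[21])}

def reply_route_conflicts(log_text, connected):
    """List flows whose source lies in a network connected to the logging firewall."""
    findings = []
    for line in log_text.splitlines():
        pkt = parse_filterlog(line)
        if pkt is None:
            continue
        for name, net in connected.items():
            # The reply is addressed to pkt["src"]; a connected route for that
            # address competes with the route back into the tunnel.
            if pkt["src"] in net and pkt["dst"] not in net:
                findings.append((str(pkt["src"]), str(pkt["dst"]), pkt["dport"], name))
    return findings

if __name__ == "__main__":
    for src, dst, dport, net in reply_route_conflicts(SIDE_B_LOG, SIDE_B_CONNECTED):
        print(f"{src} -> {dst}:{dport}: reply destination is inside Side B {net}")
```

Both logged flows arrive on Side B with their original 192.168.1.x source addresses, which fall inside Side B's own LAN range.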