Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
VPN Security policies
« previous
next »
Print
Pages: [
1
]
Author
Topic: VPN Security policies (Read 1359 times)
calbo79@hotmail.com
Newbie
Posts: 1
Karma: 0
VPN Security policies
«
on:
September 03, 2021, 04:37:14 pm »
I'm a network engineer and mostly use Palo Alto products. I stood up a site2site vpn with OPNsense to a Navisite DR peer yesterday. I followed the documentation offered on the website. I could see where there was traffic in the live firewall data that was being permitted over the VPN "auto built" rules that get created based on the Phase 2 described traffic. However, a ton of the same traffic was getting dropped at the LAN interface on the implicit block rule. It seemed like there was no rhyme or reason why some traffice was getting dropped at the lan interface but was being allowed on the enc0 interface. I tried adding policies on the LAN interface, also in floating, also in the vpn.. no joy... for "in" traffic that permitted the source traffic by IP to the destination subnet... the firewall acted like the policies weren't even there. I also made sure said policy changes were "saved and applied". The only traffic that would work was the policies natively created by creating the VPN. If I manually added rules they didn't work. I am wondering if anyone knows where I am going wrong.
Logged
ky41083
Newbie
Posts: 45
Karma: 3
Re: VPN Security policies
«
Reply #1 on:
September 03, 2021, 05:00:55 pm »
Screenshots of interface rules?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
VPN Security policies