Topic: [SOLVED] Help with strange behaviour with an IPSec Tunnel (Read 1077 times)
flackoluke
« on: February 07, 2022, 04:40:19 pm »
SOLVED:
DON'T USE ALIAS IN SOURCE, DESTINATION OR EXTERNAL NETWORK IN THE NAT SECTION.
Hello, first time poster here.
We have OPNsense at work and I personally manage the instance.
I created an IPSec with a new client yesterday.
I see a strange behaviour regarding NAT and traffic, let me explain with some background.
Topology:
Our Network: 10.41.35.0/24
Client Network: 10.168.3.16/28
NAT:
Source 10.41.35.0/24
Destination 10.168.3.16/28
ExternalIP: 10.169.3.0/28
Firewall Rules:
Interface IPSec Allow from 10.41.35.0/24 to 10.168.3.16/28 Port 8089 and Port 8000 (Splunk)
Now the strange behaviour is that a machine, 10.41.35.2, can telnet on both ports 8000 and 8089; however, another machine, 10.41.35.3, can't.
Firewall traffic log from the .2 machine is IPSec internal host to host allowed with the correct NAT'd IP.
Firewall traffic log from the .3 machine is Default deny rule denied with the incorrect IP.
Can someone help me?
« Last Edit: February 07, 2022, 05:50:38 pm by flackoluke »