OpenVPN routing with Site to Site not working

Started by klamath, August 17, 2021, 03:58:23 PM

I am trying to set up a site to site VPN. I created a new VLAN and gateway on the remote VPN since the inside networks are overlapping.

The connection establishes, I can ping the remote VPN host from the OPNsense firewall, however I cannot connect from the "Inside" VLAN.
I am not sure if the return traffic is hairpinning back to the local LAN and not back out the openVPN interface.


Side A (Client):

LAN:192.168.1.0/24
Tunnel: 10.80.80.0/24
Remote Network: 10.81.81.0/24

Note: I am using Gateway groups, HA WAN

Side B (Server)

LAN: 192.168.1.0/24 (not used)
Vlan99: 10.81.81.0/24 (used for VPN)
Tunnel: 10.80.80.0/24
Local Network: 10.81.81.0/24 (Vlan99)


Ping From firewall to remote host:
root@cerberus:~ # ping 10.81.81.10
PING 10.81.81.10 (10.81.81.10): 56 data bytes
64 bytes from 10.81.81.10: icmp_seq=0 ttl=63 time=81.705 ms
64 bytes from 10.81.81.10: icmp_seq=1 ttl=63 time=72.062 ms

SSH/WEB from Side A to Side B:

2021-08-16T19:49:16   filterlog[17007]   116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,58012,22,0,S,256715406,,29200,,mss;sackOK;TS;nop;wscale
2021-08-16T19:49:12   filterlog[17007]   116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,127,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,51943,443,0,S,749930554,,64240,,mss;nop;nop;sackOK
2021-08-16T19:49:12   filterlog[17007]   116,,,fae559338f65e11c53669fc3642c93c2,ovpnc4,match,pass,out,4,0x0,,127,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,50996,443,0,S,313488011,,64240,,mss;nop;nop;sackOK


SSH/WEB from Side B to Side A (return traffic)

2021-08-17T00:48:43   filterlog[27813]   77,,,0,em0_vlan99,match,pass,out,4,0x0,,126,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,59967,443,0,S,1496152610,,64240,,mss;nop;nop;sackOK,fae559338f65e11c53669fc3642c93c2
2021-08-17T00:47:39   filterlog[27813]   77,,,0,em0_vlan99,match,pass,out,4,0x0,,62,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,57662,22,0,S,1969582485,,29200,,mss;sackOK;TS;nop;wscale,fae559338f65e11c53669fc3642c93c2
2021-08-17T00:46:33   filterlog[27813]   77,,,0,em0_vlan99,match,pass,out,4,0x0,,62,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,57662,22,0,S,1969582485,,29200,,mss;sackOK;TS;nop;wscale,fae559338f65e11c53669fc3642c93c2


Rules:

Side A:

Inside:
IPv4 *    *    *    10.81.81.0/24    *    *
OpenVPN
IPv4 *    *    *    10.81.81.0/24    *    *    *

Side B:

Vlan99:
IPv4 *    *    *    *    *    *    *
OpenVPN:
IPv4 *    *    *    *    *    *    *


I haven't had a chance to run a remote tcpdump; I did run it last night on side A and can see the VPN traffic flow out, but I don't think I'm seeing return traffic hit:

00:00:00.126673 rule 116/0(match): pass out on ovpnc4: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
   192.168.1.19.42478 > 10.81.81.10.22: Flags , cksum 0x6481 (correct), seq 4135526895, win 29200, options [mss 1420,sackOK,TS val 3650534517 ecr 0,nop,wscale 7], length 0
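The question above is whether the reverse-direction packets ever show up in the logs, and whether replies to 192.168.1.x can leave side B at all when side B's own LAN is also 192.168.1.0/24. The following is an added diagnostic script, not code from the poster or from OPNsense: it parses filterlog records in the CSV layout quoted above, lists SYNs that never got a reverse packet, and checks the peer LAN against the directly connected networks. The sample log lines in the block are constructed (hash label shortened, one reply line invented).

```python
# Added diagnostic example (not the poster's own code): parses OPNsense filterlog
# CSV records like the ones quoted above and reports TCP flows whose SYN was passed
# but never got a reverse-direction packet, plus a check for the overlapping-subnet
# return-path problem. The sample lines in SAMPLE are constructed.
import csv
import ipaddress
import re

# Field positions in an IPv4/TCP filterlog record (OPNsense/pfSense layout).
IFACE, ACTION, DIR, IPVER, PROTO = 4, 6, 7, 8, 16
SRC, DST, SPORT, DPORT, TCPFLAGS = 18, 19, 20, 21, 23
LINE_RE = re.compile(r"^(\S+)\s+filterlog\[\d+\]\s+(.*)$")

def parse_filterlog(line):
    """Return a dict for one syslog line, or None if it is not an IPv4 TCP record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, body = m.groups()
    f = next(csv.reader([body]))  # extra trailing fields (e.g. label hash) are ignored
    if len(f) <= TCPFLAGS or f[IPVER] != "4" or f[PROTO] != "tcp":
        return None
    return {"ts": ts, "iface": f[IFACE], "action": f[ACTION], "dir": f[DIR],
            "src": f[SRC], "dst": f[DST], "sport": int(f[SPORT]),
            "dport": int(f[DPORT]), "flags": f[TCPFLAGS]}

def unanswered_syns(lines):
    """4-tuples of passed SYNs for which no packet in the reverse direction was logged."""
    recs = [r for r in map(parse_filterlog, lines) if r]
    seen = {(r["src"], r["sport"], r["dst"], r["dport"]) for r in recs}
    missing = set()
    for r in recs:
        if r["action"] == "pass" and r["flags"] == "S":
            if (r["dst"], r["dport"], r["src"], r["sport"]) not in seen:
                missing.add((r["src"], r["sport"], r["dst"], r["dport"]))
    return sorted(missing)

def return_path_conflict(peer_lan, local_nets):
    """True if the peer's LAN overlaps a directly connected net: replies to it stay local."""
    peer = ipaddress.ip_network(peer_lan)
    return any(peer.overlaps(ipaddress.ip_network(n)) for n in local_nets)

# Constructed sample: two SYNs out the tunnel, only the 443 flow has a reply logged.
SAMPLE = [
    "2021-08-16T19:49:16 filterlog[17007] 116,,,fae5,ovpnc4,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,192.168.1.19,10.81.81.10,58012,22,0,S,256715406,,29200,,mss;sackOK",
    "2021-08-16T19:49:12 filterlog[17007] 116,,,fae5,ovpnc4,match,pass,out,4,0x0,,127,0,0,DF,6,tcp,48,192.168.1.24,10.81.81.10,51943,443,0,S,749930554,,64240,,mss;nop",
    "2021-08-16T19:49:12 filterlog[17007] 116,,,fae5,ovpnc4,match,pass,in,4,0x0,,63,0,0,DF,6,tcp,48,10.81.81.10,192.168.1.24,443,51943,0,SA,1,750,64240,,mss;nop",
]
```

Run `unanswered_syns` over the side A log and `return_path_conflict("192.168.1.0/24", [side B's connected nets])`; a True result means side B will hand replies for 192.168.1.x to its own LAN instead of the tunnel.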