Topic: OpenVPN Access Across High Availability Setup (Read 1137 times)
ffink
OpenVPN Access Across High Availability Setup « on: January 10, 2022, 11:19:47 am »
Hey Guys,
I have the following setup:
2x OPNsense configured in HA with:
Virtual LAN IP: 10.0.1.1/24
opnsense1 LAN: 10.0.1.2/24
opnsense2 LAN: 10.0.1.3/24
CARP addresses for both hosts are 172.16.3.1/24 and 127.16.3.2/24. The HA and failover on Virtual LAN IP and Virtual WAN IP work fine.
These are connected in the same LAN subnet (10.0.1.0/24). I then configured OpenVPN (10.0.8.0/24 Transfernet) on the master OPNsense and created the following rules:
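on OpenVPN Interface:

| Protocol | Source | Port | Destination | Gateway | Schedule | Description |
|----------|--------|------|-------------|---------|----------|-------------|
| IPv4 * | * | * | * | * | * | * |
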
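on LAN interface:

| Protocol | Source | Port | Destination | Gateway | Schedule | Description |
|----------|--------|------|-------------|---------|----------|-------------|
| IPv4 * | OpenVPN net | * | * | * | * | * |
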
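on WAN Interface:

| Protocol | Source | Port | Destination | Gateway | Schedule | Description |
|----------|--------|------|-------------|---------|----------|-------------|
| IPv4 UDP | * | 1194 | WAN net | * | * | * |
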
Both systems also have their own WAN IPv4 addresses and I can connect to both OPNsense systems individually using their individual WAN IPs. When I connect to opnsense1 with OpenVPN, I can access the entire LAN net except for opnsense2 (10.0.1.3/24). When I connect to opnsense2 with OpenVPN, I can also access the entire LAN net except for opnsense1 (10.0.1.2/24).
When I look into Firewall -> Log Files -> Live View I can see the following:

| Interface | Time | Source | Destination | Proto | Label |
|-----------|------|--------|-------------|-------|-------|
| LAN | Jan 10 11:16:22 | 10.0.8.6 | 10.0.1.3 | icmp | Default deny rule |

So this means that the ICMP request is blocked by a default deny rule. However, I have a rule in Firewall -> Rules -> LAN that allows any traffic from the OpenVPN net.