Topic: Blocked VPN Traffic? (Read 5115 times)
DaveA67
Blocked VPN Traffic?
« on: May 15, 2018, 03:05:02 pm »
Hi
I have an IPSec VPN between an OPNsense virtual machine and a Cisco RV320.
The VPN establishes and seems fine.
A PC at the remote (Cisco) end can ping devices at the OPNsense end but not vice versa.
It looks like the OPNsense is trying to send VPN traffic out to the internet instead of down the tunnel.
All the routes etc. look to have been created properly - do I need to manually set up something to route outbound VPN traffic??
Cheers
dave
« Last Edit: May 15, 2018, 05:48:02 pm by DaveA67 »
Logged
DaveA67
Re: One way VPN Traffic?
« Reply #1 on: May 15, 2018, 03:58:32 pm »
If I drop the pf tables with pfctl -d, the ping starts working, but then I have no NAT etc!
As soon as I pfctl -e it stops again, so it's definitely being blocked by the firewall, but no matter what rules I try to add it does not fix it :/
Any ideas?
Cheers
dave
Logged
DaveA67
Re: One way VPN Traffic?
« Reply #2 on: May 15, 2018, 05:45:34 pm »
OK I am confused now.
It seems some VPN traffic is being blocked both ways.
Some traffic is being sent via the IPSec tunnel correctly and some via the WAN??
Please see below.
Network ranges at each end are the same, but one routes correctly, one does not:
IPsec May 15 16:37:45 192.168.1.1:36136 172.20.102.10:50802 tcp IPsec internal host to host
lan May 15 16:37:17 192.168.1.1:50809 172.20.102.100:55438 tcp Default deny rule
Logged
DaveA67
Re: Blocked VPN Traffic?
« Reply #3 on: May 15, 2018, 05:53:53 pm »
This does not make any sense:-
IPsec May 15 16:32:13 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
lan May 15 16:32:12 172.20.102.100:55445 192.168.1.1:50809 tcp let out anything from firewall host itself
IPsec May 15 16:32:12 172.20.102.100:55445 192.168.1.1:50809 tcp USER_RULE
IPsec May 15 16:32:12 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
IPsec May 15 16:32:11 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
IPsec May 15 16:32:11 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
IPsec May 15 16:32:11 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
lan May 15 16:32:01 172.20.102.100:55444 192.168.1.1:50802 tcp let out anything from firewall host itself
IPsec May 15 16:32:01 172.20.102.100:55444 192.168.1.1:50802 tcp USER_RULE
Data for the same IP addresses seems to flip between the IPSec interface and LAN.
Logged
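An added example, not part of the original posts: the firewall log lines pasted in replies #2 and #3, grouped by connection regardless of direction, so each connection shows which interfaces logged it and which rule label matched. The column layout is assumed from the pasted lines, and `parse`, `summarise` and `denied_on` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Log lines copied from replies #2 and #3 above (repeated entries omitted).
SAMPLE = """\
IPsec May 15 16:37:45 192.168.1.1:36136 172.20.102.10:50802 tcp IPsec internal host to host
lan May 15 16:37:17 192.168.1.1:50809 172.20.102.100:55438 tcp Default deny rule
IPsec May 15 16:32:13 172.20.102.100:55438 192.168.1.1:50809 tcp Default deny rule
lan May 15 16:32:12 172.20.102.100:55445 192.168.1.1:50809 tcp let out anything from firewall host itself
IPsec May 15 16:32:12 172.20.102.100:55445 192.168.1.1:50809 tcp USER_RULE
lan May 15 16:32:01 172.20.102.100:55444 192.168.1.1:50802 tcp let out anything from firewall host itself
IPsec May 15 16:32:01 172.20.102.100:55444 192.168.1.1:50802 tcp USER_RULE
"""

# Column layout assumed from the pasted lines:
# interface, month, day, time, src:port, dst:port, protocol, rule label.
LINE_RE = re.compile(
    r"^(?P<iface>\S+) (?P<ts>\w{3} +\d+ [\d:]{8}) "
    r"(?P<src>\S+:\d+) (?P<dst>\S+:\d+) (?P<proto>\S+) (?P<label>.+)$"
)

def parse(text):
    """Yield one dict per parseable line; skip anything that does not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarise(text):
    """Map each connection (direction-independent) to the (iface, label) pairs seen."""
    conns = defaultdict(set)
    for e in parse(text):
        key = (e["proto"],) + tuple(sorted((e["src"], e["dst"])))
        conns[key].add((e["iface"], e["label"]))
    return dict(conns)

def denied_on(text, label="Default deny rule"):
    """Return {connection: sorted interfaces} for connections that hit `label`."""
    return {
        key: sorted(iface for iface, lab in seen if lab == label)
        for key, seen in summarise(text).items()
        if any(lab == label for _, lab in seen)
    }

if __name__ == "__main__":
    for key, seen in sorted(summarise(SAMPLE).items()):
        print(key[0], key[1], "<->", key[2])
        for iface, label in sorted(seen):
            print(f"    {iface:6} {label}")
```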
DaveA67
Re: Blocked VPN Traffic?
« Reply #4 on: May 16, 2018, 09:50:52 am »
OK so this morning, without me changing anything at all overnight, it's working.
Logged