Author Topic: [solved] route issue on connections over site 2 site vpn (Read 3592 times)

greY · « **on:** February 12, 2019, 10:16:40 pm »

Hi
I have users connected over a IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?

mimugmail · « **Reply #1 on:** February 13, 2019, 05:34:57 am »

Reverse Proxy runs on the same device as IPSec peer?

greY · « **Reply #2 on:** February 13, 2019, 07:30:16 pm »

Reverse Proxy runs on OPNsense.
The infrastructure looks like this:
site A site B
|OPNsense| |Unifi USG |
| |----IPSEC tunnel-----| |
|HAproxy | | |
|
|
WEB Services

mimugmail · « **Reply #3 on:** February 13, 2019, 07:48:31 pm »

Then you have to add your WAN/32 to IPSec SA

greY · « **Reply #4 on:** February 13, 2019, 09:07:16 pm »

Thanks, but please could you describe a bit more exactly what to do ?

mimugmail · « **Reply #5 on:** February 14, 2019, 05:55:55 pm »

In Phase2 add local net your WAN adress as network with /32 and remote the other LAN

greY · « **Reply #6 on:** February 15, 2019, 09:38:09 pm »

The issue was that haproxy was only listening to 127.0.0.1:port, I added the local router IP:port and everything works.
anyways thanks for helping.

Author Topic: [solved] route issue on connections over site 2 site vpn (Read 3592 times)

greY

[solved] route issue on connections over site 2 site vpn

mimugmail

Re: route issue on connections over site 2 site vpn

greY

Re: route issue on connections over site 2 site vpn

mimugmail

Re: route issue on connections over site 2 site vpn

greY

Re: route issue on connections over site 2 site vpn

mimugmail

Re: route issue on connections over site 2 site vpn

greY

Re: route issue on connections over site 2 site vpn