Topic: OpenVPN site 2 site traffic issue (Read 1654 times)
EHRETic (Newbie, Posts: 41, Karma: 0) on: March 18, 2020, 03:48:43 pm
Hi there,
I'm trying to set up my first OPNsense infra. There is my home lab and a DR site.
Both now have a firewall, and incoming/outgoing traffic to WAN is working fine.
As I like it, I've restricted outbound traffic to HTTP/HTTPS and some other ports (see capture).
Now, I've created an OpenVPN server at home and set up the client at the DR site. The connection is active between both FWs.
But I just can't access resources from one LAN to the other. If I look at the firewall logs, I clearly see that the traffic is blocked by the "Default deny rule" (as an example, RDP).
If I activate the more generic rule (the one disabled at the top of the capture), it works.
I'm confused, I thought VPN traffic would be set up in the OpenVPN interface. In several tutorials, there is also mention of creating a new interface for the OpenVPN opnsX interface, which will create a new gateway.
Setting an open firewall rule on this extra interface didn't solve the issue either.
I suspect a routing issue (VPN traffic should hit the VPN interface first, no?), but it is beyond my knowledge for now :-)
Help very much appreciated!
lfirewall1243 (Hero Member, Posts: 1386, Karma: 45) Reply #1 on: March 18, 2020, 03:57:54 pm
Do you have any Rules on the VPN Interfaces to allow traffic from one LAN to the other?
EHRETic (Newbie, Posts: 41, Karma: 0) Reply #2 on: March 18, 2020, 04:05:41 pm
Quote from: lfirewall1243 on March 18, 2020, 03:57:54 pm
Do you have any Rules on the VPN Interfaces to allow traffic from one LAN to the other?
For now, I only have the OpenVPN interface with an open rule (capture).
I've removed the extra VPN interface you can create in assignments to simplify the troubleshooting (gateway included).
My current setup reflects almost exactly what is mentioned here:
https://wiki.opnsense.org/manual/how-tos/sslvpn_s2s.html