[SOLVED] vpn access to intranet blocked by Default deny rule
Topic: [SOLVED] vpn access to intranet blocked by Default deny rule (Read 4595 times)
bigfox
Newbie
Posts: 3
Karma: 0
[SOLVED] vpn access to intranet blocked by Default deny rule
« on: September 08, 2020, 04:18:28 pm »
[SOLVED]
After checking, it was a routing issue that prevented access to the server.
The problem is not related to firewall rules.
Go to 'Additional BOOTP/DHCP Options' and use DHCP to push a static route to solve the problem.
-----------------------------------------------------------
OPNsense IP: 192.168.1.1
My other gateway IP: 192.168.1.2
My web server IP: 192.168.1.61, gateway: 192.168.1.2, DNS: 192.168.1.2
My mobile uses OpenVPN, IP: 10.0.8.6
I use 10.0.8.6 to browse 192.168.1.61.
I want to use the VPN to access my web server. I can ping it, but access to port 80 is blocked by the default rules. Access without the VPN works normally.
I tried setting up a few firewall rules, but nothing worked.
Thanks
log:LAN Sep 8 20:51:52 192.168.1.2:80 10.0.8.6:44188 tcp Default deny rule
Detailed rule information :
__timestamp__ Sep 8 20:14:14
ack 3652002442
action [block]
anchorname
datalen 695
dir [in]
dst 10.0.8.6
dstport 41472
ecn
id 32338
interface bridge0
interface_name LAN
ipflags DF
label Default deny rule
length 747
offset 0
proto 6
protoname tcp
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
ridentifier 0
rulenr 16
seq 2918695121:2918695816
src 192.168.1.2
srcport 80
subrulenr
tcpflags PA
tcpopts
tos 0x0
ttl 62
urp 506
version 4
« Last Edit: September 09, 2020, 03:18:08 pm by bigfox »
Fright
Hero Member
Posts: 1777
Karma: 164
Re: vpn access to intranet blocked by Default deny rule
« Reply #1 on: September 08, 2020, 05:23:15 pm »
On 192.168.1.61, add a static route to 10.0.8.0 through 192.168.1.1.
bigfox
Newbie
Posts: 3
Karma: 0
Re: vpn access to intranet blocked by Default deny rule
« Reply #2 on: September 09, 2020, 09:07:23 am »
Thank you.
I added the route and the server is accessible.
But can I change the settings in OPNsense to fix the problem?
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: vpn access to intranet blocked by Default deny rule
« Reply #3 on: September 09, 2020, 09:10:26 am »
No, it is a problem with your network design.
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
bigfox
Newbie
Posts: 3
Karma: 0
Re: vpn access to intranet blocked by Default deny rule
« Reply #4 on: September 09, 2020, 03:17:50 pm »
Quote from: banym on September 09, 2020, 09:10:26 am
No, it is a problem with your network design.
Yes, it is indeed a network design issue and there is a problem with the routing that has nothing to do with the firewall. Thanks.
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: [SOLVED] vpn access to intranet blocked by Default deny rule
« Reply #5 on: September 09, 2020, 03:51:16 pm »
Well, it is not a "problem" with the routing. It works as designed. Two gateways in one network will lead to these kinds of problems. If the VPN gateway you are routing over is not the default gateway for the local machines, they need static routes to find the way back.
You could work around this with other types of VPN, but if you're using VPN networks and tunnel networks you will face these kinds of requirements.
Routing can easily become complicated with VPN and multiple routers.
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
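Added example (not part of the original thread and not OPNsense code): a Python check that reads firewall log records in the key/value form shown in the first post and flags the pattern seen there, a blocked TCP segment that carries ACK and is destined for the VPN tunnel network, which points to a missing return route rather than a missing firewall rule. The /24 mask, the function names and both sample records are assumptions constructed for this example.

```python
import ipaddress

# Assumption: the tunnel network is a /24; the thread only gives 10.0.8.0.
TUNNEL_NET = ipaddress.ip_network("10.0.8.0/24")

# Constructed sample: a subset of the fields from the log detail in the first post.
SAMPLE_REPLY = """
action [block]
dir [in]
interface_name LAN
protoname tcp
src 192.168.1.2
srcport 80
dst 10.0.8.6
dstport 41472
tcpflags PA
"""

# Constructed sample: a blocked new connection attempt (bare SYN), for contrast.
SAMPLE_SYN = """
action [block]
dir [in]
protoname tcp
src 192.168.1.50
dst 10.0.8.6
tcpflags S
"""

def parse_record(text):
    """Parse 'key value' lines as shown in the log detail view into a dict."""
    rec = {}
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition(" ")
        rec[key] = value.strip().strip("[]")  # "[block]" -> "block"
    return rec

def is_stateless_reply(rec, tunnel_net=TUNNEL_NET):
    """True if a blocked packet is a TCP reply to a VPN client with no state."""
    if rec.get("action") != "block" or rec.get("protoname") != "tcp":
        return False
    # Replies carry ACK; a bare SYN is a new connection, not a routing symptom.
    if "A" not in rec.get("tcpflags", ""):
        return False
    try:
        return ipaddress.ip_address(rec.get("dst", "")) in tunnel_net
    except ValueError:
        return False
```

A record that matches means the reply reached the firewall by a path on which it holds no connection state, so the thing to check is the server's route back to the tunnel network.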