Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
VPN blocked by default deny rule
« previous
next »
Print
Pages: [
1
]
Author
Topic: VPN blocked by default deny rule (Read 1819 times)
mszeliga
Newbie
Posts: 8
Karma: 1
VPN blocked by default deny rule
«
on:
January 13, 2021, 12:04:58 pm »
Hi
OPNsense default deny rule in "floating" intercepts traffic from IPsec VPN to a network connected directly to OPNsense, there are at least 2 rules which should ensure traffic passing.
I've got a rule for that specific traffic in IPsec (dns and http/s) and added another one allowing all traffic from IPsec to everything in floating.
...any ideas ?
btw. I do have own Deny ALL rules on every interface but this never hit by the IPsec traffic - it goes straight to the floating default deny all rule.
After some more investigation:
IPsec traffic is blocked only if I select the predefined "IPsec net" as source, if I however create an alias with the IPsec network address and use that as the source the traffic is going thru - however responses are then being blocked (as I see it responses are not seen as responses by the firewall but as new connections).
The firewall has several interfaces and all traffic is going as it should - only IPsec has problems.
...and something more:
responses to IPsec traffic are logged several seconds after request leaves the firewall on the correct interface.
I have tried to change IP-address of the VPN just to verify that I don't have a routing issue, I have no problems with traffic between any other interfaces so and the firewall is default gw. on all connected interfaces.
«
Last Edit: January 25, 2021, 09:14:25 pm by mszeliga
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
VPN blocked by default deny rule