Topic: Multiple OpenVPN Clients makes connection fail and work alternating (Read 3432 times)
tja
Newbie
Posts: 24
Karma: 0
Multiple OpenVPN Clients makes connection fail and work alternating
« on: February 15, 2021, 07:17:05 am »
hi,
i have a very strange phenomenon on my 21.1.1 home gw.
i had an openvpn tunnel (client) to my employer which i used permanently the last year thanks to these strange times.
as i added a second client to another site the fun started: every other connection attempt - may it be icmp or ssh or whatever - fails as if it hangs on one of the firewalls in between. the working attempt is ok.
i checked the routing table on my side and the routing is ok. every vpn client has its own interface and the routing table entries are correct.
i need to (outbound) NAT on both sites and have (manually) configured both sites accordingly and it seems to be ok as it works (half the time).
after some hours of search i used tcpdump on both openvpn interfaces and i can see that the failing attempts will be sent from the wrong interface.
what i mean is that f.e.
- the first (failing) attempt for a ping to a host in net B will be sent from the ovpn if for net A
- the second (working) attempt for a ping to a host in net B will be sent from the ovpn if for net B
the routing table is ok and the only thing i could think of to explain this behavior is something in the NAT process.
i suspect that i could tinker with "Translation / target" in the NAT settings (which is "Interface Address" now) - but i will get a different ip from the other side each time so how do i correctly set this ?
i'm not used to pf - is there a command to show outbound NAT settings ?
tia, tja...
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #1 on: February 15, 2021, 08:13:09 am »
In outbound NAT I don't use interface address but the named interface address. Maybe that's worth a try?
Do you have any rules on your OpenVPN interfaces? As you're doing NAT, I can't think of rules that should be there.
„The S in IoT stands for Security!“
tja
Newbie
Posts: 24
Karma: 0
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #2 on: February 15, 2021, 12:26:55 pm »
hi gauss.
how do you use the "named interface address" ? i would not know the interface address till the other side assigns one to my side ?!? ...
and: i don't understand what u try to say about rules ... ofc i have fw rules but that's beside the point as i don't think these could cause the described problems ...
tia,tja...
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #3 on: February 15, 2021, 12:36:34 pm »
In the outbound NAT rule I can select the address in the dropdown menu. There is interface address as a generic value.
If my OpenVPN interface has the name vpn_office, then I would have "vpn_office address" in the dropdown list.
„The S in IoT stands for Security!“
tja
Newbie
Posts: 24
Karma: 0
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #4 on: February 15, 2021, 01:00:29 pm »
hi gauss,
u find me confused
as i wrote in the OP i use "Interface address" as i expected that to be the right choice.
but i can't select an openvpn interface name there ... how did u name the openvpn interface for a specific client connection and get it to appear in that "Translation / target" dropdown in the outbound NAT config ?
tia,tja...
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #5 on: February 15, 2021, 01:12:57 pm »
Did you assign interfaces for those connections in Interfaces: Assignments?
You should add the interfaces ovpnc1 and ovpnc2 to a name of your choice. Then open those interfaces and enable them. IPv4 and IPv6 config should be set to none.
Then restart the tunnels.
Now you should see your new interfaces in Interfaces: Overview. You can click on that little arrow on the left side to expand the view for an interface. You should see your interfaces with an assigned IP. Now you should see those interface addresses in the dropdown and you should be able to select them as interface for the outbound NAT.
„The S in IoT stands for Security!“
tja
Newbie
Posts: 24
Karma: 0
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #6 on: February 15, 2021, 07:29:07 pm »
thx gauss,
i didn't even know that u can assign ovpn interfaces - that worked perfectly !
one last question:
is it possible that these tunnels will get another ovpncX after a reboot or some config change (f.e. after removing a tunnel) as there is no visible config link between the NAT settings where i choose the interface and the openvpn client/server tunnels ?
tia,tja...
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #7 on: February 15, 2021, 08:00:53 pm »
It's counting from 1 to X. If you remove i.e. no. 1 the connection with ovpnc2 will stay ovpnc2 even after reboots. New connections will fill up empty spaces as far as I know. So you should clean up things first before removing a connection.
Is it working now?
„The S in IoT stands for Security!“
tja
Newbie
Posts: 24
Karma: 0
Re: Multiple OpenVPN Clients makes connection fail and work alternating
« Reply #8 on: February 15, 2021, 08:26:25 pm »
hi gauss,
thx for the explanation.
i looked into config.xml and there i found
<vpnid>N</vpnid>
inside the tunnel config where the number relates to ovpnc<N> - so as long as i do not remove and recreate the tunnel the assignments seem to be sticky.
yes, the tunnels work fine now and will use the correct source address every time, confirmed by tcpdump.
thx for all the help,
wbr,tja...
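
An added example, not part of the thread or of OPNsense itself: a small audit of a config.xml excerpt that maps each client's `<vpnid>` to its ovpncN device, as the last post describes, and reports whether that device is assigned and whether its outbound NAT rule names that interface's address. Only `<vpnid>` appears in the thread; the other element names, the `optXip` target value and the sample excerpt are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml excerpt. Only <vpnid> is confirmed by the thread; the
# other element names and the "optXip" target value are assumptions.
SAMPLE_CONFIG = """
<opnsense>
  <openvpn>
    <openvpn-client><vpnid>1</vpnid><description>employer</description></openvpn-client>
    <openvpn-client><vpnid>2</vpnid><description>site_b</description></openvpn-client>
    <openvpn-client><vpnid>3</vpnid><description>lab</description></openvpn-client>
  </openvpn>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <opt1><if>ovpnc1</if><descr>vpn_office</descr></opt1>
    <opt2><if>ovpnc2</if><descr>vpn_site_b</descr></opt2>
  </interfaces>
  <nat><outbound>
    <rule><interface>opt1</interface><target>opt1ip</target></rule>
    <rule><interface>opt2</interface><target></target></rule>
  </outbound></nat>
</opnsense>
"""

def audit_vpn_nat(xml_text):
    """Return (description, device, interface key, status) per OpenVPN client."""
    root = ET.fromstring(xml_text)
    # Device name (ovpncN) -> assigned interface key (optX).
    assigned = {n.findtext("if"): n.tag for n in root.find("interfaces")}
    rules = root.findall("./nat/outbound/rule")
    report = []
    for client in root.findall("./openvpn/openvpn-client"):
        device = "ovpnc" + client.findtext("vpnid")  # vpnid N relates to ovpncN
        ifkey = assigned.get(device)
        if ifkey is None:
            status = "unassigned"  # device cannot be chosen as a NAT target
        else:
            targets = [r.findtext("target") or "" for r in rules
                       if r.findtext("interface") == ifkey]
            if not targets:
                status = "no-nat-rule"
            elif all(t == ifkey + "ip" for t in targets):
                status = "pinned"  # rule names this interface's own address
            else:
                status = "generic-target"  # generic "Interface address"
        report.append((client.findtext("description"), device, ifkey, status))
    return report

if __name__ == "__main__":
    for row in audit_vpn_nat(SAMPLE_CONFIG):
        print(row)
```
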