Topic: [solved] how to bind host from remote vpn ipsec network to local haproxy (Read 1962 times)
myg63 (Newbie, Posts: 5, Karma: 0)
[solved] how to bind host from remote vpn ipsec network to local haproxy « on: February 16, 2021, 12:03:05 pm »
Hello, my first post here.
I have two OPNsense firewalls, A and B, running with fixed IP addresses and a net-to-net IPsec VPN. The IPv4 tunnels are running well. I can access all machines in network B from network A and vice versa. I also have some web services behind HAProxy in network B with Let's Encrypt ACME, which is also running well and is available from the internet.
What I'm trying to do: I have a "server A" with a web service in network A (behind the firewall) and want to access this web service as a "real server" from HAProxy B. That does not work. When I SSH into OPNsense B and try to ping this (server A) address, it is NOT reachable. Other addresses in network A are also NOT reachable by ping from the firewall. Is that normal? There is just "no response" from the other side when pinging from the firewall itself.
Server A with Webservice (192.168.112.112:80)
Network A (192.168.112.0/24)
|
|
OPNSense A (LAN 192.168.112.1)
|
|
VPN Internet
|
|
haproxy B
OPNSense B (LAN 192.168.111.1)
|
|
Network B (192.168.111.0/24)
Open SSH session to OPNSense B:
root@ext-firewall:~ # ping 192.168.112.112
PING 192.168.112.112 (192.168.112.112): 56 data bytes
^C
--- 192.168.112.112 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
So it seems that the route does NOT go through the IPv4 tunnel when accessed from the local firewall, or maybe it is blocked by a firewall rule.
When I ping that host with the web service in network A from another host in network B, that is possible, and I can also access that web service on the host in network A from a browser in network B.
What must be configured so that this connection from HAProxy on firewall B reaches a service behind firewall A, routed through the IPv4 tunnel?
Thank you in advance
« Last Edit: February 24, 2021, 08:25:33 pm by myg63 »

myg63 (Newbie, Posts: 5, Karma: 0)
Re: how to bind host from remote vpn ipsec network to local haproxy « Reply #1 on: February 22, 2021, 11:32:56 am »
Hello guys.
I updated my original post and made an illustration. Does anyone have an idea why I cannot ping the other side from the local OPNsense?

Fright (Hero Member, Posts: 1777, Karma: 164)
Re: how to bind host from remote vpn ipsec network to local haproxy « Reply #2 on: February 22, 2021, 03:45:50 pm »
Hi
Sorry, I don't use IPsec anymore and may be confusing something, but I think this applies to all FreeBSD systems: you need to add a static route to route traffic from the site-to-site IPsec endpoint itself, like:
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html#ipsec-pfsensetraffic
« Last Edit: February 22, 2021, 03:53:05 pm by Fright »

myg63 (Newbie, Posts: 5, Karma: 0)
Re: how to bind host from remote vpn ipsec network to local haproxy « Reply #3 on: February 24, 2021, 08:24:36 pm »
Thank you. That did the trick. No firewall rules needed - thank god.
I did this on each side:
1. System -> Gateways -> Single
-> Add a gateway. Leave all fields at their defaults. Type a name like "Firewall_Myself" and use the LAN IP address as "IP Address"
2. System -> Routes -> Configuration
-> Add a network address like 192.168.111.0/24, which is the remote LAN of the other network "behind" the tunnel. Select the local gateway from (1)
Works great!
Case solved
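
Added example, not part of the thread or of OPNsense: a simplified Python model of why the firewall's own traffic (ping, HAProxy connections to the real server) misses a policy-based IPsec tunnel until the static route from the steps above exists, while forwarded LAN traffic gets through. The LAN addresses are from the thread; the WAN address, the 192.168.111.50 host and all function names are assumptions made for illustration.

```python
import ipaddress as ip

# LAN values are from the thread; the WAN address and LAN_HOST are
# constructed placeholders (documentation range), not values from the page.
LOCAL_LAN = ip.ip_network("192.168.111.0/24")     # Network B
REMOTE_LAN = ip.ip_network("192.168.112.0/24")    # Network A
IFACE_ADDR = {"wan": ip.ip_address("203.0.113.10"),
              "lan": ip.ip_address("192.168.111.1")}
SERVER_A = ip.ip_address("192.168.112.112")
LAN_HOST = ip.ip_address("192.168.111.50")

DEFAULT_ONLY = [(ip.ip_network("0.0.0.0/0"), "wan"), (LOCAL_LAN, "lan")]
# Static route for the remote LAN via a gateway that is the firewall's own LAN IP.
WITH_STATIC = DEFAULT_ONLY + [(REMOTE_LAN, "lan")]

def egress_iface(dst, routes):
    """Longest-prefix match over (network, interface) routes."""
    hits = [(net, ifc) for net, ifc in routes if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def matches_phase2(src, dst):
    """Policy-based IPsec encrypts only packets matching both selectors."""
    return src in LOCAL_LAN and dst in REMOTE_LAN

def trace(dst, routes, forwarded_src=None):
    """Return (source address, enters tunnel?) for a packet to dst.

    forwarded_src is set for packets routed on behalf of a LAN host; locally
    originated packets (ping, HAProxy connections) get the egress
    interface's address as their source.
    """
    if forwarded_src is None:
        src = IFACE_ADDR[egress_iface(dst, routes)]
    else:
        src = forwarded_src
    return src, matches_phase2(src, dst)

if __name__ == "__main__":
    for label, result in [
        ("LAN host, no static route", trace(SERVER_A, DEFAULT_ONLY, LAN_HOST)),
        ("firewall, no static route", trace(SERVER_A, DEFAULT_ONLY)),
        ("firewall, static route", trace(SERVER_A, WITH_STATIC)),
    ]:
        print(f"{label:28} src={result[0]!s:15} tunnel={result[1]}")
```

On the real firewall, `ping -S 192.168.111.1 192.168.112.112` tests the same idea without changing any routes, because it forces the LAN address as the source.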