Topic: Member of VLAN - OpenVPN (Read 7821 times)
verasense (Reply #15, April 03, 2021, 03:30:13 am):
Yes, I think I have my rules OK. I was in the Live View and capturing packets on the interface (that's how I saw that the UDP packet was correctly delivered) but I did not receive any response from the device. I thought that maybe it's because the packet came from another network, not from its same LAN. Then I changed the "source" in the udpbroadcastrelay plugin to an address in the same LAN, and I could see the packet was forwarded with the "spoofed" IP. No answer either.
So I have no idea at the moment. I will continue tests tomorrow since I opened the firewall to let the device connect to its external server and now the apps have learned the device IP, so everything works even if I enable the firewall. However, after some time they will forget the IP again and I will have the same problem.
That is why being able to VPN into the same local VLAN was the easiest for me.
verasense (Reply #16, April 03, 2021, 05:00:04 am):
I have analysed the packets from a computer on the same LAN as the device and from a computer in a different VLAN with udp broadcast relay. The only difference I see is that the legitimate one sends an additional broadcast packet to 255.255.255.255 (apart from X.X.X.255). However, I can't use these broadcast IPs on udp broadcast relay because it marks them in "yellow" colour instead of "green", as if they were not valid.
dude4mars (Reply #17, May 27, 2021, 06:37:36 pm):
Hi Verasense,
Sorry it's almost two months ago that you were working on this. I'm late, but looking for the same solution. I have used udp-broadcast-relay to forward UDP broadcasts and multicasts across two internal VLANs. This allows me to run both apps in the "other" VLAN quite well! And it's all routed, no bridging. This is perfect.
So I also want to do this for an OpenVPN client. I've fooled around with creating some very basic firewall rules, but so far I can't seem to get it to work. Have you had any more luck?
Thanks!
dude4mars (Reply #18, May 28, 2021, 05:44:33 pm):
I updated to 21.1.6 and it's behaving a bit differently, but still not working.
I created an interface assignment for OpenVPN (which is required for udpbroadcastrelay) and I name this assignment something unique that doesn't match the existing OpenVPN firewall rule. I of course add another rule for the new assignment, which allows the OpenVPN traffic.
In 21.1.5, the line in udpbroadcastrelay would turn white (which I believe means it's illegal). With 21.1.6, it doesn't go white, but with a little bit of testing, it doesn't seem to work. I've not scoped it yet, but it does seem to be a bit closer to working.
dude4mars (Reply #19, June 01, 2021, 07:59:33 pm):
Hi. I'm hoping to generate interest here, but maybe I'll start a new thread? I'd like to thank Greelan and especially marjohn56 for their work on udp_broadcast_relay -- from here on, I'm calling it UBR to make it easier. This is an especially useful thread >>
https://forum.opnsense.org/index.php?topic=15910.0
The goal here is to get UBR to work with VPNs - in this case OpenVPN. Yes, TAP bridged connections and GRE over IPsec are available... not great, and not exciting. :-)
When I create an OPNsense interface for OpenVPN (which seems required for the UBR gui tool) -- the individual line goes white-out... which from other testing I believe means it's an illegal config.
I was surfing on UBR and VPN and found these two posts (the second is FreeBSD code) >>
https://community.roonlabs.com/t/talking-to-roon-from-another-vlan-i-got-it-working/119840/12
https://github.com/synfinatic/udp-proxy-2020/releases/tag/v0.0.4
Glad to help out with testing. Hope this is an exciting topic for others! Thanks!
Greelan (Reply #20, June 02, 2021, 12:41:41 am):
Thanks, but I can’t claim any credit for UBR. All marjohn56’s work.
dude4mars (Reply #21, June 02, 2021, 03:37:51 pm):
Hi Greelan - it's funny how sleeping changes how you look at something.
When I last posted, I was thinking that marjohn56 might "add vpn support" to UBR, which "could happen" but with today's eyes, and the benefit of coffee, it's probably more likely to just ADD udp-proxy-2020 to OPNsense.
Briefly, how difficult is this to do? Is it something a newbie could do?
Is there a more-formal way to request new code to be converted into an OPNsense package?
THANKS Greelan!!
dude4mars (Reply #22, June 03, 2021, 12:39:31 am):
missed latest update >>
https://github.com/synfinatic/udp-proxy-2020/releases/tag/v0.0.7
Aaron is running udp-proxy-2020 on pfSense himself, and he's looking for help on creating a "proper package" -- I bet he'd be ok taking his work into OPNsense. I'd love to help but I'm more like Homer in that gif.
udp proxy into vpn..... priceless.