Config OpenVpn Multiwan

Started by desartecsrl@gmail.com, January 04, 2023, 10:14:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 04, 2023, 10:14:26 PM
Hello Forum, in an installation we added one more WAN (WAN1) to perform load balancing, we already configured everything and almost everything works fine, except the VPN that although it connects and does not give an error, we cannot access the LAN. We configure the opnsense as follows.


Firewall --> NAT --> Port Forward
--> Add (+)

- Interface                                WAN1
- Protocol                                 UDP
- Destination                            WAN1 address
- Destination port range           from:                to:
                                                OpenVPN        OpenVPN
-  Redirect target IP                 Single Host or Network
                                                127.0.0.1
- NAT reflection                        Use system default
- Filter rule association             Add associated filter rule
- Save

--> Add (+)

- Interface                                WAN2
- Protocol                                 UDP
- Destination                            WAN1 address
- Destination port range           from:               to:
                                                OpenVPN        OpenVPN
-  Redirect target IP                 Single Host or Network
                                                127.0.0.1
- NAT reflection                       Use system default
- Filter rule association            Add associated filter rule
- Save


VPN --> OpenVPN --> Servers
--> Edit

- Interface                                Localhost
- Save
January 05, 2023, 08:32:01 AM #1
What about firewall rules on the WAN interfaces?
January 05, 2023, 04:34:03 PM #2 Last Edit: January 05, 2023, 04:45:25 PM by desartecsrl@gmail.com
When doing NAT, opnsense in the WAN1 and WAN2 firewall rules is automatically added Direction: IN. Protocol IPv4, Source: *, Port: *, Target: 127.0.0.1 , Port Target: 1194, Gateway: *
January 07, 2023, 10:09:37 AM #3
if I get you right, your VPN client shows conneted.
You can see the route to your remote network, but you can not ping it.
can you ping the Remote Ip address of the VPN tunnel interface

rgds
January 07, 2023, 05:11:25 PM #4 Last Edit: January 07, 2023, 05:13:48 PM by desartecsrl@gmail.com
If it's correct, I can only access the OPNSense web manager and it responds to PINGs (192.168.254.254). But the other computers (192.168.254.229), (192.168.254.230) and (192.168.254.231) on the LAN are turned off.

This is the block diagram


January 08, 2023, 05:57:48 AM #5
Hi, On the firewall rule for the LAN interface, I guess you have selected the Gateway group, right?
Can you run a tcpdump/wireshark on any of the LAN devices and check if packets reach them?
Rgds 
Print
Go Up Pages1
User actions