Topic: Connected to VPN, unable to take advantage of rules using VTI gateway (Read 858 times)
ja133 (Newbie, Posts: 3, Karma: 0)
on: June 23, 2023, 04:51:05 am
Hello, long-time lurker, first post. I moved over from pfSense a few months ago and couldn't be happier!
Anyhow, one small issue. I am hosting my own VPN server with both OpenVPN and WireGuard and I experience the same issue on both services. I also have a VTI with WireGuard (but already tried changing it to IPsec, and experienced the same exact issue).
Under the firewall rules (both OpenVPN and WG), I created a rule to route a specific alias over the VTI. When trying to access the alias from the VPN, the page tries to load. I get the favicon, but eventually it just times out.
Copy the exact same rule but under the LAN interface, and it works perfectly when accessing from my home network.
Sounds like an MTU issue to me, and I've played around with it but no luck. Any other suggestions?
Thank you
zan (Full Member, Posts: 175, Karma: 31)
Reply #1 on: June 23, 2023, 04:37:53 pm
Try clamping the MSS too, e.g. use 1400 for both MTU and MSS.
ja133 (Newbie, Posts: 3, Karma: 0)
Reply #2 on: July 07, 2023, 02:08:06 pm
Thank you. After running a packet capture I realized that the issue was unrelated to MTU. I had to create an outbound NAT rule. Source is the WG subnet, destination is the alias I created, and NAT address is the OPT interface address associated with the VPN.