OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Second OpenVPN will not work
« previous next »
  • Print
Pages: [1]

Author Topic: Second OpenVPN will not work  (Read 1275 times)

LastMohawk

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Second OpenVPN will not work
« on: April 06, 2024, 02:50:06 pm »
I have one Opensense that works fine:
192.168.1.254 (Lan)
OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w
Rdp works fine.

For migration I installed a second Opensense parallel to the first one with the latest updates:
192.168.1.253 (Lan)
OPNsense 24.1.5_2-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

I'm able to connect both via VPN from outside, also I'm able to connect the webgui. The configuration match, very often checked but I'm not able to ping a system in then Lan via VPN from outside with the new opensense (253) - see attachment, a simplified network diagram. So it is impossible to connect any PC in the Lan via Rdp.
I become desperate with the updated system so I fear to update all other Opensense systems.
Is there something important to know about the version 24?
Logged

FraLem

  • Jr. Member
  • **
  • Posts: 83
  • Karma: 2
    • View Profile
Re: Second OpenVPN will not work
« Reply #1 on: April 07, 2024, 07:47:10 am »
Hi,
I would suggest to verify firewall configuration on the new system as well as routing table on the LAN devices.
Hope this helps
Rgds
Logged

LastMohawk

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Second OpenVPN will not work
« Reply #2 on: April 07, 2024, 04:42:35 pm »
Hi,
all adjustments are equal but the IP-addresses. Routing tables also. There is one thing that is very strange:
I login via VPN on the old Opensense. I can reach all systems in the LAN behind the Opensense but the new firewall. A ping with 192.168.1.253 gets no answer.
I will build a testenvironment at home with the same constellation. I'm very curious about it.
Logged

LastMohawk

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Second OpenVPN will not work
« Reply #3 on: April 17, 2024, 11:26:26 am »
After playing with a test environment I will conclude that this wouldn't work.
Both Opensense worked in single mode but together only one system is usable.
I found out that the reason was the gateway address used in LAN. The gateway showed to one of the Opensense. So a ping via vpn through this system got an answer, a ping through the other system got no answer. After changing the gateway adress to the other Opensense the function changed to the other system. I set two gateway addresses in the LAN but without any result - Windows decided by itself which gateway-address will be used.
Is there a way to get both systems working?
Logged

FraLem

  • Jr. Member
  • **
  • Posts: 83
  • Karma: 2
    • View Profile
Re: Second OpenVPN will not work
« Reply #4 on: May 01, 2024, 07:31:17 am »
If I get it right, your goal is to set both devices in HA mode.
Should this be the case you are missing some of the configuration, take a look into https://docs.opnsense.org/manual/hacarp.html.

Regards
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Second OpenVPN will not work
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2