Topic: OpenVPN Site to Site for all traffic (Read 535 times)
Yamanipanuchi (Newbie, Posts: 6, Karma: 0)
OpenVPN Site to Site for all traffic
« on: July 31, 2024, 08:54:02 pm »
I am looking to create an OpenVPN site-to-site VPN from Site A to Site B. I want all traffic (Internet) from Site B to pass through the VPN and exit Site A.
Following instructions online, I have been able to get the two sites to communicate with each other and confirm a solid VPN connection. It is directing the traffic where the instructions break down. Either I find outdated instructions, or instructions that do not involve OpenVPN, or worst case the instructions are well written but ultimately don't work.
Does anyone have some basic pointers or a link to instructions that are more recent and confirmed to work? Or is anyone willing to step through with me on what needs to be done?
Yamanipanuchi (Newbie, Posts: 6, Karma: 0)
Re: OpenVPN Site to Site for all traffic
« Reply #1 on: July 31, 2024, 09:39:55 pm »
I don't know if a moderator can move this to the right area. I didn't notice the "Virtual Private Network" section when I created this post.
Yamanipanuchi (Newbie, Posts: 6, Karma: 0)
Re: OpenVPN Site to Site for all traffic
« Reply #2 on: July 31, 2024, 10:19:39 pm »
I've tried the following information...
I used this to get the VPN up and running...
https://windgate.net/openvpn-site-to-site-using-ssl-tls-certificate-based-authentication-between-multiple-sites-with-opnsense/
Tried this to redirect the traffic...
https://forum.opnsense.org/index.php?topic=4979.msg19771#msg19771
This did not work. I tried messing around with the settings and the VPN continued to work but did not redirect traffic.
I also tried to use this, skipping over the WireGuard config part. I figured the interfaces and settings will be similar. It didn't work, but I do like the idea of having a safeguard in place if the VPN goes down...
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
There were a few others that I did attempt but realized they were just too old to translate over to the newer config.
mattlach (Newbie, Posts: 32, Karma: 0)
Re: OpenVPN Site to Site for all traffic
« Reply #3 on: July 31, 2024, 10:20:11 pm »
Yes, this should ideally be moved, but we can start here until it is.
If you have traffic between the two sites, and it just isn't exiting to the outside network on the side you want, I wonder if the only part that is missing is changing the gateway address.
Let's assume site 1 is the side you want traffic to exit to the outside world from, and site 2 is the remote site.
You can test if this is the case by using a machine at site 2, going into manual IP settings and setting the gateway to the IP address of the gateway (usually the same as the router) the machines at site 1 use. I think this ought to then direct the internet traffic over the VPN to site 1.
If that works, you can then return the settings to DHCP, and then change the DHCP server settings at site 2 to use site 1 as the default gateway. You might also want to change the address for the default DNS server to that of site 1 as well, or you may find that your DNS requests exit in the wrong place.
If this doesn't work, then you may need someone who is better at this stuff than I am to help.
For them to do that, they will likely need more information though. A network diagram and a document list of settings currently in use will probably be necessary.
« Last Edit: July 31, 2024, 10:22:16 pm by mattlach »
OPNSense running as a VM in KVM under Proxmox:
- Rocket Lake Xeon E2314 in a Supermicro X12STL-F.
- IOMMU forwarded i210 Ethernet for WAN and x520 for LAN.
- Pi-hole running as separate LXC Container on same server.
- Lots of VLAN's and tricky firewall rules.
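A way to confirm which site a Site B host's internet traffic and DNS lookups actually leave from, added here as an example that is not part of the thread: it classifies `traceroute -n` output and the host's resolver list. It uses the original poster's naming (Site A is the exit, Site B the remote site); the subnets, the tunnel network and the sample traces are constructed assumptions.

```python
import ipaddress
import re

# Assumed addressing for illustration (not from the thread).
SITE_A = [ipaddress.ip_network(n) for n in ("10.1.0.0/24", "10.99.0.0/30")]  # LAN + tunnel
SITE_B = [ipaddress.ip_network("10.2.0.0/24")]                               # LAN

def parse_hops(traceroute_text):
    """Responding hop addresses, in order, from `traceroute -n` output."""
    hops = []
    for line in traceroute_text.splitlines():
        m = re.match(r"\s*\d+\s+(\d+\.\d+\.\d+\.\d+)", line)
        if m:  # header lines and silent hops ("* * *") do not match
            hops.append(ipaddress.ip_address(m.group(1)))
    return hops

def exit_site(traceroute_text):
    """Site whose router is the last hop seen before the path leaves both sites."""
    last = "unknown"
    for hop in parse_hops(traceroute_text):
        if any(hop in n for n in SITE_A):
            last = "site_a"
        elif any(hop in n for n in SITE_B):
            last = "site_b"
        else:
            return last  # first hop outside both sites: traffic left via `last`
    return "unknown"     # never left the sites, or the trace was incomplete

def resolvers_outside_site_a(resolv_conf_text):
    """Nameservers a Site B host uses that are not at Site A (DNS may exit elsewhere)."""
    found = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf_text, re.M)
    return [s for s in found if not any(ipaddress.ip_address(s) in n for n in SITE_A)]

# Constructed sample data (documentation address ranges stand in for the internet).
LEAKING = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  10.2.0.1  0.41 ms  0.38 ms  0.35 ms
 2  203.0.113.1  8.12 ms  8.03 ms  7.98 ms
 3  198.51.100.7  12.4 ms  12.1 ms  12.2 ms"""
TUNNELLED = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  10.2.0.1  0.41 ms  0.38 ms  0.35 ms
 2  10.99.0.1  21.7 ms  21.5 ms  21.9 ms
 3  * * *
 4  192.0.2.1  29.3 ms  29.0 ms  29.1 ms
 5  198.51.100.7  33.8 ms  33.5 ms  33.6 ms"""
RESOLV = "nameserver 10.2.0.1\nnameserver 10.1.0.1\n"

if __name__ == "__main__":
    print(exit_site(LEAKING), exit_site(TUNNELLED), resolvers_outside_site_a(RESOLV))
```

A result of `site_b` means the Site B router is still sending internet traffic out its own WAN even though the tunnel is up; a non-empty resolver list is a prompt to check where those DNS queries are forwarded.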
Yamanipanuchi (Newbie, Posts: 6, Karma: 0)
Re: OpenVPN Site to Site for all traffic
« Reply #4 on: August 02, 2024, 04:21:05 pm »
I did try several different combinations of what you described above with no success.
I have a feeling it has something to do with Firewall rules.
Yamanipanuchi (Newbie, Posts: 6, Karma: 0)
Re: OpenVPN Site to Site for all traffic
« Reply #5 on: August 02, 2024, 04:50:19 pm »
One would think it would be as simple as changing the Gateway on the LAN Interface and deny all other traffic.