24.7.3 and adding new OpenVPN Site-2-Site Issue

Started by rrosson, August 29, 2024, 03:03:07 PM

I support multiple family and friends via an OpenVPN site-2-site connection to assist them with their computer issues (yes, I am that guy). All existing OpenVPN (not legacy) connections that were set up before 24.7 are still functional, and routes/access continue to work, which allows me access. All new OpenVPN site-2-site connections created after 24.7: I am able to reach the firewall but no other network hanging off the firewall.

Where there are no IP network conflicts this is just a simple site-2-site (p2p) with routes from the local and remote network. Where there is an IP network conflict, BINAT rules have been added to eliminate it. Like I mentioned, these continue to work as they were set up before upgrading to 24.7.x.

All rules and tcpdump show the traffic entering the tunnel but the other end never sees it.

I serve as the server and all others are clients. Each client is configured with static keys and a certificate for authentication. I followed the docs on OpenVPN site-2-site instances for all connections.

Has anyone tried setting up a site-2-site since upgrading to 24.7.x?

If you require more information, please let me know and I will provide it upon request.

- Ron

I am finding it hard to believe that no one has seen or discovered this issue after my post, which has over 150 views. I have 5 tunnels working that were set up and running before 24.7 and 2 tunnels that were built post-24.7 upgrade that have the p2p between the firewalls but no routes to the network behind them.

I am bumping my own thread in hopes that someone else has seen this issue when setting up a net new site-2-site OpenVPN tunnel with 24.7.x. I have a total of 7 site-2-site tunnels, where 5 of them were set up before 24.7 and are running flawlessly. With the two newest ones, set up exactly the same way, I am only able to have traffic between the two firewalls.

There seems to be a lot of 0 replies lately. They must be very busy. I do recall in the new "instances" setup for servers that you can enter the IP address and/or subnet to connect to: Instances/local network/Local Network.

November 17, 2024, 08:57:40 PM #4 Last Edit: November 17, 2024, 08:59:31 PM by Patrick M. Hausen
Quote from: lshantz on November 17, 2024, 08:32:20 PM
There seems to be a lot of 0 replies lately. They must be very busy.

This is a community forum, not a support portal. Just users helping users. I, for one, don't run OpenVPN for S2S, only IPsec and WireGuard. I have a single installation of OpenVPN for remote access to our office networks, all new "instances" with AD/LDAP integration. Works flawlessly.

So, sorry. Unless some other user of OPNsense is also running OpenVPN for S2S and shared your problem and solved it, where do you suggest an answer should come from?

If this is business critical, buy a support subscription and open a support ticket. Again: this is not the OPNsense support platform. Commercial support is available here:

https://shop.opnsense.com/product-categorie/support/

HTH
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Historically, there are answers when they have time. So are you saying they no longer jump in and help users unless they pay for help?

November 18, 2024, 07:48:44 AM #6 Last Edit: November 18, 2024, 03:14:16 PM by Patrick M. Hausen
They still do when there is time to spare, of course. Cedrik (monviech) has been quite active lately.

But it looks like nobody is using OpenVPN for S2S? I don't know.

If you need support *now* for a business I'd recommend buying support.