site to site openvpn connection doesnt work fully
- 
 @chpalmer @viragomann 
 one more thing remains.
 since site 1 can access site 2 just fine now I tried port forwarding my webserver on site 2 from 1 but it doesn't work.
  
- 
 @elliopitas 
 In addition to the port forwarding at site 1, you need a firewall rule at 2 on the incoming interface to allow the access. But note: not on the OpenVPN tab! No rule on the OpenVPN tab must match the forwarded traffic! 
 The same is true for floating rules. I.e. best is to remove all rules from the OpenVPN tab if this is your only VPN instance. If you have multiple, either assign interfaces to them all and put your rules there, or take care that the OpenVPN rules do not match the forwarded packets. 
- 
 @viragomann ok thanks I will try and update 
 thank you for all your help so far.
- 
 @viragomann ok, disabled everything for ovpn and moved it to the interfaces 
 for now I enabled everything on both sites' interfaces
  
 and on site one
  
 but it still doesn't forward my stuff. Only the last rule, which forwards a LAN address, works fine
- 
 @elliopitas said in site to site openvpn connection doesnt work fully: ok disabled everything for ovpn and moved it to the interfaces 
 for now I enabled everything on both sites interfaces
 Remember, I was talking about the client site. Post the rules so that we can verify. You can sniff the traffic on the client to check if you see the packets on the VPN interface and if they are there also on the internal interface. 
- 
 @viragomann I just allow everything so it should be fine 
 site 2 client
  
  
 and site 2
  
- 
 @elliopitas 
 HOME is the VPN interface on the client?
 Please also show the "OpenVPN" rules? 
- 
 @viragomann since nat is working fine and everything is allowed thru the firewall then what is it? 
- 
 @elliopitas said in site to site openvpn connection doesnt work fully: @viragomann since nat is working fine and everything is allowed thru the firewall then what is it? 
 @viragomann said in site to site openvpn connection doesnt work fully: @elliopitas 
 HOME is the VPN interface on the client?
 Please also show the "OpenVPN" rules?
- 
 @elliopitas said in site to site openvpn connection doesnt work fully: @viragomann home is on the client site 2 and George is at site 1 the VPN server. 
 I don't have any "OpenVPN". I removed them as you said. 
 I don't have any. Like you said, I disabled them and I am using the tunnel interfaces instead (HOME, GEORGE)
 @elliopitas said in site to site openvpn connection doesnt work fully: @viragomann I just allow everything so it should be fine 
 site 2 client
  
  
 and site 2
  
- 
 @elliopitas 
 Ok, from the view of the firewall rules it should work now.
 Does the webserver basically respond to access from outside? Did you test it with a local forwarding on site 2? Is the site 1 WAN reachable on TCP 1443?
 To investigate use Diagnostic > Packet Capture. On site one check if you see incoming packets on TCP port 1443. If so, check on the VPN interface for packets on port 443 as you forward it. When you see the packets on both, go to site 2 and sniff the traffic on the incoming VPN interface and on the server facing interface and check for packets on port 443. 
- 
 @viragomann ok figured it out 
 Plex was getting my site 2 public IP so it was trying to connect directly
 so I gave the docker its own IP and made this rule. Now I get
  
 this is my rule
  
 I even tried
  
 to test if I left a port closed but still the same. When I disable the rule that changes the default gateway to site 1 it finds the private and public IP just fine 