OpenVpn howto masquerade all VPN traffic
-
Any hints on how to set masquerading rules, as easily as possible, that mask all VPN traffic?
The goal is to access multiple VLANs on different subnets.
Firewall rules are all set.
-
Huh? Not understanding what you're asking? I VPN in and I can access any VLAN I want. There is really nothing special to do here, just set up your local networks in your VPN config.
Are you talking about allowing access to other VLANs while you're local and sending traffic out a VPN? If so you just need to make sure you allow access to whatever VLAN above where you're doing a policy route shoving traffic out a VPN..
-
Yeah, just reading your answer I think I'm on the wrong track.
I'm tunneling in
and have to access different subnets.
The main problem I'm facing is that I can't access the GUI of some switches. It's weird, I can access the login page and then run into a timeout.
I'm gonna dive into it after some hours of sleep.
Br, Np
-
What specific switch? Do they have a gateway set up pointing back to pfSense for their default gateway? Can you access these switches from other VLANs while you're local?
It could be a firewall setting in the switch to not allow access from other than the local network. If that is the case then you could source NAT your traffic when coming in from the VPN to look like it's coming from the pfSense IP on that VLAN to get around any gateway or filtering options on the switch.
-
No, none of this, L2/L3 TP-Links.
Got a gateway pointing back to pfS. Yes, when I'm local I can connect and work em all, so pfS FW rules so far are workin'.
The failure is just on the switches.
Cloud Key, NAS and other stuff is workin' and accessible fine. So you're once again right.
1st check gateway to pfS and set it up
2nd check switch protectin' itself. Oh this will be fun...
-
Yeah, if you have 2 VLANs let's call them lan and opt1.
So lan is say 192.168.1/24 and opt is 192.168.2/24.
Can you access the switch on opt from lan? Let's say the switch is 192.168.2.100 and your PC is 192.168.1.100.
If you can, then that should show that your gateway is set correctly on the switch, and it has no firewall rules blocking anything other than its local network.. This is all assuming your typical setup..
If that works, it seems unlikely the problem is based on a lack of gateway or firewall on the switch when trying to access from say the VPN network of 10.0.8..
-
@noplan said in OpenVpn howto masquerade all VPN traffic:
And have to access different Subnets
You can't send VLANs over a TUN mode VPN. You have to route the different subnets through the VPN.
-
To be on the same page:
in the OpenVPN server set
something like this for each VLAN?
push "route 10.50.0.0 255.255.255.0";
push "route 10.51.0.0 255.255.255.0";
push "route 10.52.0.0 255.255.255.0";
push "route 10.53.0.0 255.255.255.0";
to reach the 48 port switch on 10.50.0.1? and so on?
10.50 - sw50-48
10.51 - sw51-16
10.52 - sw51-24
10.53 - sw50-16
The crazy thing is that I can reach the cloud keys
on 10.50 / 10.51 ... all are reachable, same with 4 x NAS and Linux boxes.
-
Then it's something with the switches.. Do they have gateways set? Do they allow access from other than their own network.. Are their masks set correctly.. What is your tunnel network? If they are set for say 10/8 and think you're coming from a local IP, they won't send the answer back to the gateway, etc.
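The reply-path reasoning in the last post (switch gateway, switch mask, tunnel network, and why source NAT to the pfSense VLAN address sidesteps all three) can be modelled on a desk without touching the network. The following is an added example, not code from any poster in this thread: it treats the switch's configured management IP/mask and gateway as data and asks where the switch would send its reply to a VPN client, with and without outbound NAT. The 10.50.0.x switch subnet and the 10.0.8.x VPN network are taken from the thread; pfSense's VLAN address 10.50.0.254, the /24 tunnel mask and the client address 10.0.8.2 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set

# Constructed sample addressing (assumptions, not the poster's real network):
PFSENSE_VLAN_IP = ipaddress.IPv4Address("10.50.0.254")   # pfSense's address on the 10.50 VLAN
TUNNEL_NET = ipaddress.IPv4Network("10.0.8.0/24")        # OpenVPN tunnel network
VPN_CLIENT = ipaddress.IPv4Address("10.0.8.2")           # one connected VPN client


@dataclass(frozen=True)
class Switch:
    """Management IP settings exactly as configured on the switch itself."""
    name: str
    iface: ipaddress.IPv4Interface            # e.g. 10.50.0.1/24
    gateway: Optional[ipaddress.IPv4Address]  # None = no default gateway set


def reply_next_hop(sw: Switch, dst: ipaddress.IPv4Address) -> Optional[ipaddress.IPv4Address]:
    """Where the switch will try to hand a reply addressed to dst.

    - dst inside the switch's *configured* subnet: it ARPs for dst directly and
      never involves the gateway, even if dst really lives on another network
      (the "set for 10/8 and think you're coming from a local IP" case).
    - dst outside that subnet: it forwards to its default gateway, or has
      nowhere to send it when no gateway is configured (returns None).
    """
    if dst in sw.iface.network:
        return dst
    return sw.gateway


def reply_reaches_pfsense(sw: Switch, dst: ipaddress.IPv4Address,
                          on_segment: Set[ipaddress.IPv4Address]) -> bool:
    """True if the reply's next hop is a host actually present on the switch's VLAN.

    on_segment is the set of addresses really reachable at layer 2 on that VLAN.
    A next hop that is not there gets an unanswered ARP and the reply is lost,
    which from the VPN client looks like a page that starts to load and then times out.
    """
    hop = reply_next_hop(sw, dst)
    return hop is not None and hop in on_segment


def snat_source(client: ipaddress.IPv4Address) -> ipaddress.IPv4Address:
    """Outbound NAT on pfSense: traffic from the VPN client leaves the VLAN
    interface with pfSense's own VLAN address as source, so the switch only
    ever has to reply to a host on its own segment."""
    return PFSENSE_VLAN_IP


def needs_snat(sw: Switch, tunnel_net: ipaddress.IPv4Network = TUNNEL_NET) -> bool:
    """Plain routing (push "route ..." to the clients) only works when the switch
    will forward replies to its gateway: it must have one, and its configured
    subnet must not overlap the tunnel network, or it will mistake tunnel
    addresses for local ones."""
    return sw.gateway is None or sw.iface.network.overlaps(tunnel_net)


def diagnose(sw: Switch, client: ipaddress.IPv4Address = VPN_CLIENT) -> dict:
    """Compare the reply path with and without source NAT for one switch."""
    segment = {PFSENSE_VLAN_IP}   # the only other host we assume on that VLAN
    return {
        "switch": sw.name,
        "routed": reply_reaches_pfsense(sw, client, segment),
        "snat": reply_reaches_pfsense(sw, snat_source(client), segment),
        "needs_snat": needs_snat(sw),
    }


# Three configurations of the same switch, matching the questions asked in the thread.
GOOD = Switch("sw50-48 correct", ipaddress.IPv4Interface("10.50.0.1/24"), PFSENSE_VLAN_IP)
NO_GATEWAY = Switch("sw50-48 no gateway", ipaddress.IPv4Interface("10.50.0.1/24"), None)
WRONG_MASK = Switch("sw50-48 mask /8", ipaddress.IPv4Interface("10.50.0.1/8"), PFSENSE_VLAN_IP)

if __name__ == "__main__":
    for sw in (GOOD, NO_GATEWAY, WRONG_MASK):
        print(diagnose(sw))
```

Running it shows the pattern the thread converges on: with a correct mask and a gateway pointing at pfSense, pushed routes alone are enough; with no gateway, or with a mask wide enough to swallow the tunnel network, the switch's reply never reaches pfSense, while the source-NAT variant works in all three cases because the switch only ever answers a neighbour on its own VLAN. The trade-off is that the switch's logs then show every VPN user as the pfSense address.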