Problème réglé en ajustant le firewall, le LAN serveur accède bien au LAN client.

Il me reste un souci, j'avait une règle NAT pour rediriger un port spécifique depuis le WAN serveur vers une IP client. Cette règle fonctionnait en Site to Site Shared Key mais je ne parviens pas à la faire fonctionner sur le VPN TLS/SSL.

Capture d'écran 2024-03-11 112308.png

Qu'est ce que le passage en TLS/SSL peut avoir à voir avec cela?

Des Idées?

@felipefonsecabh said in Make a Túnnel trought IPSSEC and OpenVPN using PFSense:

Router of External Access can ping DVC1

What source IP does it use for that?
To pass the IPSec tunnel it must be in he 192.168.15.0/24 subnet.
In which case it can only be the External Access router blocking traffic clients on it's LAN. Or potentially redirecting traffic past the IPSec tunnel?
What is that device?

Steve

And that worked?

If not then check for blocked traffic. Check the state table at both sites make sure traffic is going where you think it should.

Steve

@munzy Status > System Log >OpenVPN should be able to provide you that info.

Screenshot 2023-01-05 at 9.06.59 PM.png

@markedo hi , did you have luck resolving this ?

@mrDick гляньте тут - https://forum.netgate.com/topic/131401/%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-openvpn/75 настроено не по феншую, а переделать не получается. Но сколько лет работает на 3 офиса.

UPD по новым требованиям отключите сжатие и поставьте алгоритм на 512

UPD2 тьфу, забыл. Может уже и не актуально, но в Keenetic в ПЕРВУЮ ОЧЕРЕДЬ отрубите свой OpenVPN от других интерфейсов через CLI (там мануал есть в их хелпе), иначе эта пакость будет туннель пихать и в WI-Fi, даже если там гостевая сеть настроена!!!

@brenno_athayde said in Client vpn não comunica com a filial:

Olá, consegui resolver o problema. Percebi que estava faltando adicionar o ip do meu túnel da VPN client-to-site no campo "IPv4 Remote network(s)" nas configurações de VPN Site-to-Site tanto na matriz, quanto na filial.
Agradeço muito pela ajuda @acamoura .

Olá @Brenno_Athayde,
Ainda bem que era um simples detalhe de somente ter que publicar a rede para que a comunicação fosse estabelecida e agora se encontra funcionando o tráfego normalmente.
Precisando estamos à disposição.

@viragomann
@viragomann
Thank you so much for your reply. I have managed to do some magic by following this forum discussion:

www.truenas.com/community/threads/truenas-12-openvpn-service-testing.85461/page-2

Also, this should not be possible, right?

b59dd3a3-ac9d-4c42-89f7-6bf3dbd29f62-image.png

172.17.1.27 is a Server on the IPsec-Side, not an OVPN-client.
Why did this appear as src on the ovpns1 Interface...

@noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

@trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

so your problem is now solved with this

added this to my advanced custom options within the OpenVPN client setup:
;pull-filter ignore redirect-gateway;

brNP

Yep - works great now, no thanks to ExpressVPN support.

@pigbrother
Спасибо )

@Bekoj said in TLS Error : something wrong with Certificates ?:

installed pfsense brand new in 2.4.5 version

installed pfsense brand new in 2.4.5 version

hmmm, next time I'll ask first...😉

@Gertjan "Oooohhhh. And you're telling that now ?"
Yes, we went around a bit, the point is, it's okay

Then its something with the switches.. Do they have gateways set? Do they allow access from other than their own network.. Are their masks set correctly.. What is your tunnel network, if they are set for say 10/8 and think your coming from a local IP, they won't send answer back to gateway, etc.