Trubl Port Forward WAN to IPSec tunel host

mic.bummer

Hello
I have a problem
Forward does not work from WAN adress (office 1) to IPSec tunel host (office 2)
Please tell me what is the reason :-[
Thank you! :)

I'm sorry, I did not find spoiler :o

[img]https://pp.vk.me/c638021/v638021615/664e/e8Nku_h_Xbs.jpg

Derelict

When the traffic from the internet host is forwarded to an IPsec host, it does not match the phase 2 traffic selector because the source address is the internet address.

Only traffic between 10.0.0.0/24 and 10.20.21.0/24 is "interesting" to IPsec.

mic.bummer

@Derelict:

When the traffic from the internet host is forwarded to an IPsec host, it does not match the phase 2 traffic selector because the source address is the internet address.

Only traffic between 10.0.0.0/24 and 10.20.21.0/24 is "interesting" to IPsec.

Can I use a different method VPN?

Derelict

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

mic.bummer

@Derelict:

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

According to the recommendations made settings
Forwarding to WAN office 1 does not work :(
Please tell me where I could be wrong?

Many thanks!

1.jpg_thumb

2.jpg_thumb

4.jpg_thumb

5.jpg_thumb

6.jpg_thumb

Derelict

Are there any rules on the OpenVPN tab next to OPT1?

If so, delete or disable them.

As soon as there are no rules on OpenVPN, do a Diagnostics > Packet Capture on that OPT1 interface using host address 10.10.21.10 port 3389 and try a couple times. What do you see there?

mic.bummer

@Derelict:

Are there any rules on the OpenVPN tab next to OPT1?

If so, delete or disable them.

As soon as there are no rules on OpenVPN, do a Diagnostics > Packet Capture on that OPT1 interface using host address 10.10.21.10 port 3389 and try a couple times. What do you see there?

Tried 2-4 attempts for 3-5 minutes :o

1.jpg_thumb

2.JPG_thumb

3.JPG_thumb

Derelict

Then the traffic is not making it that far.

Post your OpenVPN configs on both sides.

mic.bummer

@Derelict:

Then the traffic is not making it that far.

Post your OpenVPN configs on both sides.

Office1(openvpnserver).jpg
Office1(openvpnserver).jpg_thumb
Office1(openvpnclient).jpg
Office1(openvpnclient).jpg_thumb

mic.bummer

@Derelict:

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

I re-read your statement, and I have everything working !!
Excellent!!
Thank you very much!

Derelict

Outstanding. Thanks.