1. Home
  2. pfSense® Software
  3. OpenVPN
  4. [SOLVED] Trying to set up an OOB Management Network

[SOLVED] Trying to set up an OOB Management Network

  • B

    Hello I am trying to set up an OOB Management Network. So far I have set up a separate VLAN for that network and I have assigned IP to all devices that need to be managed on that network. I have plugged a switch inline on that network and tested connectivity to those devices and they work fine. Now I am trying to set up an RAVPN to remote into that network from the LAN. However when I VPN to that network the session is established but I am unable to reach any devices on that network. Most RAVPN tutorials are for setting up RAVPN to connect to the LAN from a network outside the WAN. The difference here is I am trying to connect to the management network from the LAN. My set up is as follows.

    Management Network VLAN 10: 192.168.10.0/24
    Local Area Network VLAN 20: 192.168.20.0/24

    I went through the OpenVPN wizard and being that I am able to successfully establish a VPN session we can assume the CA and Users are set up correctly.

    So under General Options
    -Interface = LAN
    -Protocol = UDP
    -Local Port 1194

    Crypto Setting
    -TLS Authentication = Yes
    -Generate TLS Key = Yes
    -DH Parameters Length = 2048
    -Encryption Algorithm = AES-128
    -Auth Digest Algorithm = RSA-SHA256

    Tunnel Settings
    -Tunnel Network = 10.0.0.0/24
    -Redirect Gateway = No
    -Local Network = 192.168.10.0/24
    -Compression = Enabled with Adaptive Compression
    -Type-of-Service = No
    -Inter-Client Communication = Yes
    -Duplicate Connections = No

    Client Settings
    -Dynamic IP = Yes
    -Address Pool = Yes
    -Topology = Subnet - One IP address per client in a common subnet
    -DNS Default Domain = pfsense.home
    -DNS Server 1 - 192.168.10.2 (also the interface IP of the pfsense  on that network)

    On the next page

    Traffic from clients to server Firewall Rule = Yes

    Traffic from clients through VPN OpenVPN rule = Yes

    Anything I had not noted is default and un changed but if you need more information please let me know.

    But with that setup above from the LAN I am able to establish a connection to the VPN and I get an IP of 10.0.0.2 and I am able to ping that management interface 192.168.10.2 however I am unable to ping or access any other devices on that network while VPNed into the management network. Based on the information that I've provided does anyone know what I may have done wrong?

    0
  • johnpoz
    LAYER 8 Global Moderator

    How is this an out of band managment?

    Why are you having to vpn into the lan.. Are you not already on the lan?  Normally OOB would come into pfsense as another form of wan connection that is different than your primary.  So that if your primary is down you could still get into pfsense and stuff behind pfsense be it on a lan or other opt network.  To help troubleshoot why the primary wan is not working, etc.

    0
  • B

    @johnpoz:

    How is this an out of band managment?

    Why are you having to vpn into the lan.. Are you not already on the lan?  Normally OOB would come into pfsense as another form of wan connection that is different than your primary.  So that if your primary is down you could still get into pfsense and stuff behind pfsense be it on a lan or other opt network.  To help troubleshoot why the primary wan is not working, etc.

    It is out of band in the sense that the management plan is separate from the data plane. In the DoD this traffic separation is OOB. I do understand that in the traditional sense that OOB means access to network devices when the network is down. That is not what I mean in this case. And I am using OOB correctly since this is what the DoD uses to refer to this type of network.

    Also Cisco has publish best practice articles on OOB Management Networks.

    http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg/chap9.html#wp1054536

    Also I am not trying to VPN into the LAN I am already on the LAN. I am trying to VPN into the Management Network (VLAN 10) from the LAN (VLAN 20). I am new to RAVPN so I am pretty sure I messed something up.

    0
  • B

    Okay I've solved my issue thanks to packet capture. My configurations that I posted were perfectly fine and that was the answer I was looking for but instead of getting that help people wanted to play semantics with my words which was completely irrelevant of the question that I asked. In any case I am good now and for anyone trying to set up an Out of Band Management network please follow the configurations that I've posted because they work.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy