[SOLVED] Trying to set up an OOB Management Network
-
Hello I am trying to set up an OOB Management Network. So far I have set up a separate VLAN for that network and I have assigned IP to all devices that need to be managed on that network. I have plugged a switch inline on that network and tested connectivity to those devices and they work fine. Now I am trying to set up an RAVPN to remote into that network from the LAN. However when I VPN to that network the session is established but I am unable to reach any devices on that network. Most RAVPN tutorials are for setting up RAVPN to connect to the LAN from a network outside the WAN. The difference here is I am trying to connect to the management network from the LAN. My set up is as follows.
Management Network VLAN 10: 192.168.10.0/24
Local Area Network VLAN 20: 192.168.20.0/24I went through the OpenVPN wizard and being that I am able to successfully establish a VPN session we can assume the CA and Users are set up correctly.
So under General Options
-Interface = LAN
-Protocol = UDP
-Local Port 1194Crypto Setting
-TLS Authentication = Yes
-Generate TLS Key = Yes
-DH Parameters Length = 2048
-Encryption Algorithm = AES-128
-Auth Digest Algorithm = RSA-SHA256Tunnel Settings
-Tunnel Network = 10.0.0.0/24
-Redirect Gateway = No
-Local Network = 192.168.10.0/24
-Compression = Enabled with Adaptive Compression
-Type-of-Service = No
-Inter-Client Communication = Yes
-Duplicate Connections = NoClient Settings
-Dynamic IP = Yes
-Address Pool = Yes
-Topology = Subnet - One IP address per client in a common subnet
-DNS Default Domain = pfsense.home
-DNS Server 1 - 192.168.10.2 (also the interface IP of the pfsense on that network)On the next page
Traffic from clients to server Firewall Rule = Yes
Traffic from clients through VPN OpenVPN rule = Yes
Anything I had not noted is default and un changed but if you need more information please let me know.
But with that setup above from the LAN I am able to establish a connection to the VPN and I get an IP of 10.0.0.2 and I am able to ping that management interface 192.168.10.2 however I am unable to ping or access any other devices on that network while VPNed into the management network. Based on the information that I've provided does anyone know what I may have done wrong?
-
How is this an out of band managment?
Why are you having to vpn into the lan.. Are you not already on the lan? Normally OOB would come into pfsense as another form of wan connection that is different than your primary. So that if your primary is down you could still get into pfsense and stuff behind pfsense be it on a lan or other opt network. To help troubleshoot why the primary wan is not working, etc.
-
How is this an out of band managment?
Why are you having to vpn into the lan.. Are you not already on the lan? Normally OOB would come into pfsense as another form of wan connection that is different than your primary. So that if your primary is down you could still get into pfsense and stuff behind pfsense be it on a lan or other opt network. To help troubleshoot why the primary wan is not working, etc.
It is out of band in the sense that the management plan is separate from the data plane. In the DoD this traffic separation is OOB. I do understand that in the traditional sense that OOB means access to network devices when the network is down. That is not what I mean in this case. And I am using OOB correctly since this is what the DoD uses to refer to this type of network.
Also Cisco has publish best practice articles on OOB Management Networks.
Also I am not trying to VPN into the LAN I am already on the LAN. I am trying to VPN into the Management Network (VLAN 10) from the LAN (VLAN 20). I am new to RAVPN so I am pretty sure I messed something up.
-
Okay I've solved my issue thanks to packet capture. My configurations that I posted were perfectly fine and that was the answer I was looking for but instead of getting that help people wanted to play semantics with my words which was completely irrelevant of the question that I asked. In any case I am good now and for anyone trying to set up an Out of Band Management network please follow the configurations that I've posted because they work.
