VLAN not getting packets back while using vpn gateway
-
Hi all,
I've done quite a bit of digging and I'm just completely lost at this point. I've had vlans running on my pf without issues for over a year. Now I finally had time to sit down and setup the vpn connection. Everything works just as expected with the vpn I excluded one laptop going out through the WAN GATEWAY while the rest of the LAN goes out the VPN gateway. I also have specific ports using WAN over VPN and these work just fine. I have two vlans both going to the same esxi host (2 nics).
The problem is I can get the assigned IP address and even switching the networks around gives me the expected results. However, in my troubleshooting I identified that the problem on this VPN with getting internet is the vpn gateway. Since I can set the gateway to WAN reboot the vm and it goes out, but when I switched the WAN to VPN gateway the outbound routing looks to be ok. My main machine which uses the VPN as gateway works flawlessly and a laptop on the same network using the WAN gateway works as expected.
I went and checked the outbound nat (manual) and it's nasty in there but what I be expecting to be in there? I see 3 rules for each interface that I have, WAN, VPN, and HOSTNET (the vlan i'm using) as well as some additional WAN routes but everything is working as expected except for this one part.
When I run a ping, or curl or try to upgrade my repos in the vm the commands just hang and eventually time out. When I look in the state table it shows 3 connections ( depending) 2 for my DNS and 1 to the ip address I did the curl on. So I know the packets are reaching the firewall at a minimum.
I would love to get this figured out so I can continue with my testing but I need to solve this gateway issue.
Any help, recommendations or tips would be appreciated!
-
While talking with someone else they mentioned a GRE tunnel. To my knowledge a GRE needs a L2 device at either end. Since this is OpenVPN on a VLAN GRE wouldn't work.. would it? I mean because I can't assign a VLAN tag and a GRE tunnel to the same interface - correct? :-\