Can't Communicate With Host Over OVPN Connection
-
Hello,
This is my first time here and I am unsure if this falls under routing or firewall so I apologize if this post is in the incorrect location.
My Setup:
1 Physical Server running Ubuntu 20.04
1 Physical Intel Gig NIC passed through to a PFSense VM running on libvirt (WAN)
There is no routing or bridging here; it is using PCIe pass through and the host has no access to it.
1 Host only network (host sees as virbr99) connected to the PFSense VM (LAN)
Problem:
What works:
The PFSense VM can ping the host os (Ubuntu)
A Windows VM can also ping / ssh into the host os (Ubuntu)
When connected via the VPN I can ping and connect to the web UI of PFSense as well as ssh into PFSense, and I can ping / connect to Windows via RDP
What does not work:
I am unable to ping or SSH into my host Ubuntu machine from my remote computer. I feel I am missing a simple option here.
Things I have tried:
I have tried "pfctl -d" with no success.
I have temporarily created "Any Any Any" rules in PFSense on the OVPN and LAN connections but it is still not working.
Although I didn't think it was the problem, UFW has been disabled for now on the host os (Ubuntu)
Tried reboots and recreating the network on the host
I appreciate any input regarding this matter and will provide any additional information needed. Please note that this is a lab configuration and is being used pre-production to ensure this will work (meaning that I don't mind rebuilding the whole thing, although I have already done so once). In a best case there would be a physical PFSense box running in the data center but I was hoping to do it this way to cut costs. Connecting a second NIC here is an option for management but the goal is to not have the host server connected directly to the internet for security.
Thanks,
Charles
-
@qits_charles
I assume the Ubuntu server will not use pfSense as upstream gateway. If so you have to masquerade packets destined for the server.
-
@viragomann yes. I do not understand that term masquerade, but yes, the idea is to have the Ubuntu host completely isolated except when connecting via the VPN. I understand that it will eventually get out of date but all it is doing is running KVM and nothing else. No need for it to be able to connect to the Internet. Where is this setting and is it in Ubuntu or is it in pfSense?
-
@qits_charles
If you don't need internet on Ubuntu when pfSense isn't running, you can simply configure it to use pfSense as upstream gateway.
So it's necessary that the Ubuntu server has a network connection to pfSense somehow. Has the server an IP in this network:
1 Host only network (host sees as virbr99) connected to the PFSense VM (LAN)
If not, set it up and set the pfSense IP as default gateway.
Then you should be able to access the server via vpn.
-
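The two fixes proposed in this thread (pfSense as the host's default gateway, or masquerading VPN traffic on pfSense's LAN side) both address the same routing problem: the host receives the VPN client's packets via virbr99 but, with no gateway, has no route back to the OpenVPN tunnel subnet, so replies are dropped as unreachable. The following is an added illustration, not code from the thread or from pfSense; all addresses (192.168.99.0/24 for virbr99, 192.168.99.1 for the pfSense LAN IP, 10.8.0.0/24 for the tunnel network) are constructed assumptions. It models the host's route lookup with longest-prefix match and checks whether a reply to a VPN client is deliverable under each configuration. It also shows a narrower variant the thread does not spell out: a static route for just the tunnel subnet via pfSense, which keeps the host without a default route.

```python
import ipaddress

# Constructed routing table for the Ubuntu host as described in the thread:
# only the connected virbr99 network and no default route (assumed addresses).
HOST_ROUTES_NO_GW = [
    ("192.168.99.0/24", None),   # connected route, dev virbr99, no next hop
]
PFSENSE_LAN_IP = "192.168.99.1"  # assumed pfSense LAN address on virbr99
VPN_TUNNEL_NET = "10.8.0.0/24"   # assumed OpenVPN tunnel network
VPN_CLIENT_IP = "10.8.0.6"       # assumed address of the remote VPN client


def lookup(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    Returns (prefix, gateway) for the best route, or None when the kernel
    would answer 'Network is unreachable'.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (str(best[0]), best[1])


def reply_deliverable(routes, reply_dst):
    """True if the host can send a reply packet toward reply_dst at all."""
    return lookup(routes, reply_dst) is not None


def with_default_gateway(routes, gw):
    """Fix 1 from the thread: pfSense becomes the host's default gateway."""
    return routes + [("0.0.0.0/0", gw)]


def with_tunnel_route(routes, tunnel_net, gw):
    """Narrower variant: route only the tunnel subnet via pfSense."""
    return routes + [(tunnel_net, gw)]


def masqueraded_source(client_ip, lan_ip):
    """Fix 2 from the thread: outbound NAT on pfSense's LAN interface.

    The host never sees the tunnel address; the packet arrives with pfSense's
    LAN IP as source, so the reply goes to a directly connected address.
    """
    return lan_ip


def diagnose():
    """Evaluate each configuration; returns scenario -> reply deliverable?"""
    return {
        "no_gateway": reply_deliverable(HOST_ROUTES_NO_GW, VPN_CLIENT_IP),
        "default_gateway": reply_deliverable(
            with_default_gateway(HOST_ROUTES_NO_GW, PFSENSE_LAN_IP), VPN_CLIENT_IP),
        "tunnel_route": reply_deliverable(
            with_tunnel_route(HOST_ROUTES_NO_GW, VPN_TUNNEL_NET, PFSENSE_LAN_IP),
            VPN_CLIENT_IP),
        "masquerade": reply_deliverable(
            HOST_ROUTES_NO_GW, masqueraded_source(VPN_CLIENT_IP, PFSENSE_LAN_IP)),
    }


if __name__ == "__main__":
    for scenario, ok in diagnose().items():
        print(f"{scenario:16s} reply to VPN client deliverable: {ok}")
```

The masquerade case corresponds to an Outbound NAT rule on pfSense's LAN interface (Firewall > NAT > Outbound) whose source is the OpenVPN tunnel network, translating to the interface address; its cost is that the host's logs and SSH sessions show pfSense's LAN IP rather than the real VPN client, which matters if you rely on host-side source attribution. The tunnel-route variant preserves the client address and keeps the host without a default route, which fits the stated goal of not exposing the host to the internet.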
@viragomann It is set up. When I add PFSense as the gateway it is able to connect, but as soon as I remove it I lose access. Also the latency is 50+ ms. Is this because PFSense is in a VM? Does it need more than a core and 1 Gig of RAM?
-
@qits_charles said in Can't Communicate With Host Over OVPN Connection:
When I add PFSense as the gateway it is able to connect but as soon as I remove it I lose access.
That's what I expect. Why do you want to remove it?
Also the latency is 50+ ms.
Only to the Ubuntu host or other destinations as well?
A single core may not be ideal for modern operating systems, but it depends on the CPU speed. The RAM usage depends on what is running on pfSense. For firewalling only it should be sufficient.