Dual WAN failover mode, traffic issue with OpenVPN, I can reach LAN gateway but not the ip on LAN, why?
-
Hello everybody,
I'm having an issue where, as soon as I turn on a gateway group (I followed the tutorial here and the video here),
when I try to connect with OpenVPN, the VPN server and the client both say the VPN is connected, but it's just not passing traffic.
I am able to ping the default gateway on the target LAN, but not able to ping any device on it. Before this, though, the VPN was working fine.
I have created a gateway group and I've allowed everything in the firewall rules for every LAN interface by adding my gateway group as gateway.
Did I miss something?
Many thanks for your help. -
to complete:
-
@elrick75 said in Dual WAN failover mode, traffic issue with OpenVPN, I can reach LAN gateway but not the ip on LAN, why?:
i've allowed everything in the firewall rules for every LAN interface by adding my group gateway as gateway.
That was a bad decision.
So you turned all firewall rules into policy routing rules directing all traffic to the active gateway. Changing the default gateway to the gateway group is all you had to do.
So edit your rules again and remove the gateway setting.
-
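The point made in the reply above can be checked mechanically. The following is an added example, not code from this thread or from the pfSense project: it assumes the config.xml layout `/pfsense/filter/rule` with `<interface>`, `<type>`, `<destination>` and an optional `<gateway>` child (absent when the GUI shows Gateway = *), and the XML below is a constructed sample. It flags every pass rule whose destination is "any" and that still carries a gateway, since such a rule policy-routes replies to VPN clients out the WAN group instead of back into the tunnel, and it produces the corrected configuration with those gateway settings removed.

```python
"""Find pfSense-style firewall rules that policy-route all traffic to a gateway group.

Added example, not code from the forum thread or the pfSense project. It assumes
the config.xml layout /pfsense/filter/rule; the sample below is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a LAN rule and an OpenVPN rule policy-routed to the group,
# and a VLAN_DMZ rule that uses the default gateway (no <gateway> element).
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <descr>Allow LAN any (policy routed)</descr>
      <source><network>lan</network></source>
      <destination><any/></destination>
      <gateway>Groupe_Gateway</gateway>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <descr>Allow VLAN_DMZ any</descr>
      <source><network>opt1</network></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <descr>OpenVPN clients to LAN</descr>
      <source><any/></source>
      <destination><any/></destination>
      <gateway>Groupe_Gateway</gateway>
    </rule>
  </filter>
</pfsense>
"""


def _is_catch_all_policy_rule(rule):
    """True for a pass rule with destination 'any' that sets an explicit gateway."""
    if not rule.findtext("gateway"):
        return False  # Gateway = * : the routing table (default gateway) applies
    if rule.findtext("type", "pass") != "pass":
        return False
    dest = rule.find("destination")
    return dest is not None and dest.find("any") is not None


def find_policy_routed_rules(config_xml):
    """Return (interface, description, gateway) for every catch-all policy-routed rule."""
    root = ET.fromstring(config_xml)
    return [
        (rule.findtext("interface"), rule.findtext("descr"), rule.findtext("gateway"))
        for rule in root.iterfind("./filter/rule")
        if _is_catch_all_policy_rule(rule)
    ]


def strip_policy_routing(config_xml):
    """Return the config with <gateway> removed from catch-all rules (GUI: Gateway = *).

    The system default gateway, which is where a gateway group belongs for
    failover, is not touched by this function.
    """
    root = ET.fromstring(config_xml)
    for rule in root.iterfind("./filter/rule"):
        if _is_catch_all_policy_rule(rule):
            rule.remove(rule.find("gateway"))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for iface, descr, gw in find_policy_routed_rules(SAMPLE_CONFIG):
        print(f"[{iface}] '{descr}' policy-routes all traffic via {gw}; set Gateway to *")
    fixed = strip_policy_routing(SAMPLE_CONFIG)
    print("remaining findings after fix:", find_policy_routed_rules(fixed))
```

Run it against a config backup exported from Diagnostics > Backup & Restore to list the rules to edit; the OpenVPN interface rule it flags is exactly the one the original poster later found still carrying the group gateway.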
@viragomann said in Dual WAN failover mode, traffic issue with OpenVPN, I can reach LAN gateway but not the ip on LAN, why?:
Changing the default gateway to the gateway group is all you had to do.
So edit your rule again and remove the gateway setting.
Just to be sure I understand.
You suggest that I switch the gateway from Groupe_Gateway to Default on every rule, right? -
@elrick75
No. That is the default gateway setting. It is correct. But the firewall rules should not have a gateway set.
-
Hi
I changed it; now it is like this (Gateway = * on every rule). But the remote VPN connection is not able to reach devices on the LAN (VLAN_DMZ); it is only able to ping the default gateway on this subnet.
My NAT rule details:
I disabled the rules on the WAN interface that I used before, when I used only one WAN connection, which might have explained something, but the problem still remains ;(
@jimp @johnpoz @jwt If you can please help me, many thanks in advance.
-
This post is deleted! -
I find why....
I had set the Group Gateway as default gateway on the OpenVPN rules too; I switched it to default (= *) and all is working fine now. I have another specific question.
Before switching to Dual WAN, I was able to connect from my home via VPN to my home :)
That is to say, from the VLAN MY LAN I connected with VPN to the VLAN_DMZ, which was convenient for security reasons and to manage VLAN_DMZ.
Even if I was still depending on my ISP to access VLAN_DMZ, I didn't have to have a machine on the VLAN_DMZ at home. Since I am in Dual WAN, I am not able to do this anymore.
When trying to connect from my MY LAN VLAN, I receive a TLS Error. OpenVPN client log:
Sun May 15 10:54:05 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun May 15 10:54:05 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun May 15 10:54:05 2022 MANAGEMENT: >STATE:1652604845,RESOLVE,,,,,,
Sun May 15 10:54:05 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]185.XXX.XXX.XXX:53XXX
Sun May 15 10:54:05 2022 Socket Buffers: R=[65536->65536] S=[64512->64512]
Sun May 15 10:54:05 2022 UDPv4 link local: (not bound)
Sun May 15 10:54:05 2022 UDPv4 link remote: [AF_INET]185.XXX.XXX.XXX:53XXX
Sun May 15 10:54:05 2022 MANAGEMENT: >STATE:1652604845,WAIT,,,,,,
Sun May 15 10:55:05 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun May 15 10:55:05 2022 TLS Error: TLS handshake failed]
Sun May 15 10:55:05 2022 SIGUSR1[soft,tls-error] received, process restarting
Sun May 15 10:55:05 2022 MANAGEMENT: >STATE:1652604905,RECONNECTING,tls-error,,,,,
Is there a specific parameter in the OpenVPN configuration file that could solve this?
Do you know if it is possible to solve this problem? Thank you.