Netgate Discussion Forum

    [SOLVED] Need Help: Can't Reach Host from VPN Network

      manjotsc

      Hi,

      I'm experiencing connectivity issues between two interfaces—I can't reach any IPs from Server_VPN_Network to Server_Network.

      Specifically, I need to access a single client at 192.168.80.48, which is located in the Server_Network, from within the Server_VPN_Network.

      I've already tried disabling all block rules, but there's still no connectivity. It's as if the rules aren't having any effect. I also cleared the states, but that didn’t help.

      I even tried filtering the states to check for any blocked traffic, but nothing shows up.

      Server_VPN_Network : Subnet 192.168.87.1 (VLAN) Gateway is Wireguard Tunnel
      Server_Network: Subnet 192.168.80.1 just a normal interface with default gateway

      Screenshot 2025-04-02 235722.png Screenshot 2025-04-03 001733.png Screenshot 2025-04-03 002633.png Screenshot 2025-04-03 002823.png

      Vendor: HP
      Version: P01 Ver. 02.50
      Release Date: Wed Jul 17 2024
      Boot Method: UEFI
      24.11-RELEASE (amd64)
      FreeBSD 15.0-CURRENT
      CPU Type: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
      Current: 3606 MHz, Max: 3400 MHz
      4 CPUs : 1 package(s) x 4 core(s)

        patient0 @manjotsc

        @manjotsc the firewall rules are in direction 'in' and apply 'quick' (not floating rules though). And floating rules are evaluated before interface groups (like WireGuard), and then the interface rules. What it means:

        • by default, without any rules, anything is blocked
        • in: direction into the router, from the network interface you create the rule in. E.g. for SERVER_VPN_NETWORK it applies to traffic originating from the SERVER_VPN_NETWORK and going anywhere else
        • quick: the first rule that matches will be applied and no further rules are evaluated

        You know that but just to make sure we are on the same page.

        In the SERVER_VPN_NETWORK firewall rules there is a block rule for all servers in the SERVER_NETWORK subnet. Since that block rule is before the "allow access to 192.168.80.48" rule, and the first match wins, all traffic to SERVER_NETWORK is blocked.

        That is a lot of text to say: move the "allow access to 192.168.80.48" rule above the "block all traffic to SERVER_NETWORK" rule and it will work.

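The ordering problem described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match ("quick") evaluation with default deny, plus a check that reports rules an earlier rule makes unreachable. It matches on destination only, and the /24 prefix is an assumption because the thread gives no netmask.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    dst: str     # destination network in CIDR form
    label: str

    @property
    def net(self):
        return ipaddress.ip_network(self.dst)


def evaluate(rules, dst_ip):
    """Return (action, label) of the first rule matching dst_ip, top to bottom."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in rule.net:
            return rule.action, rule.label  # quick: stop at the first match
    return "block", "default deny"          # no rule matched


def shadowed(rules):
    """List (later, earlier) label pairs where an earlier rule covers every
    destination of a later rule, so the later rule can never match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.net.subnet_of(earlier.net):
                found.append((later.label, earlier.label))
                break
    return found


# Constructed rule sets; the /24 prefix is an assumption, not taken from the thread.
BLOCK = Rule("block", "192.168.80.0/24", "block all traffic to SERVER_NETWORK")
ALLOW = Rule("pass", "192.168.80.48/32", "allow access to 192.168.80.48")

BROKEN = [BLOCK, ALLOW]  # order described in the reply: block sits above allow
FIXED = [ALLOW, BLOCK]   # allow rule moved above the block rule

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, evaluate(rules, "192.168.80.48"), shadowed(rules))
```

Running the shadow check after any rule reorder catches a narrow allow or block that a broader rule above it has silently disabled.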
          manjotsc @patient0

          @patient0 Thank you

