Re: [pfSense] Routing some trafic throught OpenVPN

2015-09-25 Thread Bryan D.
On 2015-Sep-15, at 11:39 PM, Andrej Ferčič [PCklinika] wrote:

> Hello!
> 
> I am sure that this issue has been already discussed, but I can not find any 
> archive. So, please give me some directions where to search or any link to 
> thread containing the following:
> 
> 1. Is there any routing through IPSec VPN possible? (IpSec is solved in 
> kernel as I know)
> 2. How to use OpenVPN to route a specific traffic through VPN? Let me explain 
> what I want to solve:

The following may also help -- this is the approach I use (along with some 
additional routing rules) to enable access of various systems from one site to 
another both through IPsec VPNs and OpenVPN VPNs (though the blog is in 
reference to pfSense 2.1, we're now on 2.2.2 with the same setup but using Key 
Exchange v2 and a server-based pinger to keep IPsec connected [this is a known 
issue, search the list postings]):

http://www.derman.com/blogs/IPSec-VPN-Firewall-Setup#RouteOpenVPNthruIPsec

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Routing some trafic throught OpenVPN

2015-09-16 Thread Andrej Ferčič [PCklinika]
I've made a mistake in the first post. Site A is a branch and Site B is main office 
with WAN1 and WAN2

Andrej Ferčič
Sent from a mobile device
and...@pcklinika.si | +386 41 71 60 89



[pfSense] Routing some trafic throught OpenVPN

2015-09-16 Thread Andrej Ferčič [PCklinika]
Hello!

I am sure that this issue has been already discussed, but I can not find any 
archive. So, please give me some directions where to search or any link to 
thread containing the following:

1. Is there any routing through IPSec VPN possible? (IpSec is solved in kernel 
as I know)
2. How to use OpenVPN to route a specific traffic through VPN? Let me explain 
what I want to solve:


Site A (branch office) <> IPSec <> Site B (main office)


Site A has two WANs. First, let's name it WAN1 is for all Internet access, WAN2 
is dedicated for some special services and uses private IPs 172.x.x.x/16

From main office (Site B) is this special service reachable, but I should 
reach this WAN2 network, from my branch offices to (Site A)

Has anybody any idea how to solve this with current IPSec VPNs or changing to 
OpenVPN if first is no go ?!

Thanks,

Andrej


Re: [pfSense] Routing some trafic throught OpenVPN

2015-09-16 Thread WebDawg
On Wed, Sep 16, 2015 at 1:39 AM, Andrej Ferčič [PCklinika] <and...@pcklinika.si> wrote:
>
> Hello!
>
> I am sure that this issue has been already discussed, but I can not find
> any archive. So, please give me some directions where to search or any link
> to thread containing the following:
>
> 1. Is there any routing through IPSec VPN possible? (IpSec is solved in
> kernel as I know)
> 2. How to use OpenVPN to route a specific traffic through VPN? Let me
> explain what I want to solve:
>
>
> Site A (branch office) <> IPSec <> Site B (main office)
>
>
> Site A has two WANs. First, let's name it WAN1 is for all Internet access,
> WAN2 is dedicated for some special services and uses private IPs
> 172.x.x.x/16
>
> From main office (Site B) is this special service reachable, but I should
> reach this WAN2 network, from my branch offices to (Site A)
>
> Has anybody any idea how to solve this with current IPSec VPNs or
> changing to OpenVPN if first is no go ?!
>
> Thanks,
>
> Andrej


I would use OpenVPN unless you need IPSec for any specific reason.  I have
read a few posts to this list where others are having trouble with IPSec
VPNs in the current and some past releases (pfSense).

These two VPN services are more than adequate to achieve what you would
like to do.

The concept is:

Site A has an OpenVPN server setup.
-This server has a rule (definable in the web interface) that says it has
access to and therefore can route, and will route, traffic addressed to
Site B.

Site B has an OpenVPN client setup that connects to Site A.
-This client has a rule (definable in the web interface) that says that it
has access to and therefore can route, and will route, traffic addressed to
Site A.

I suggest that both networks use different subnets and that you use the TUN
method in OpenVPN.

TUN transports layer 3.

TAP transports layer 2.

Another choice you have to make is UDP vs TCP.  You can get some guidance
here:
https://www.bestvpn.com/blog/7359/openvpn-tcp-vs-udp-difference-choose/

If you use UDP, you should make sure to set up a tls-auth key (really for TCP
too) as OpenVPN will drop any UDP packets without that authentication
method.

Good Luck.

It is fairly basic but I am sure you will have to play with the
configuration on both sides to figure it out.  I think pfSense has a wizard
that will help you too.  Here is a guide also:
https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site


Web...

Re: [pfSense] Routing some trafic throught OpenVPN

2015-09-16 Thread Andrej Ferčič [PCklinika]
Thanks for the reply

VPN with OpenVPN is not a problem at all. I have problems resolving route in 
OpenVPN. If I add an additional interface based on openvpnc, because I will need 
it later when defining gateways, the VPN stops. There is still an active connection, 
but ECHO request does not reply anymore.

Here is a guide to set all traffic From Site A over VPN to Site B > Internet 
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
, but I want only my destination 172.29.0.0/16 through the tunnel, everything 
else should use local GW.

Regards, 

Andrej



Re: [pfSense] Routing some trafic throught OpenVPN

2015-09-16 Thread WebDawg
On Wed, Sep 16, 2015 at 10:09 AM, Andrej Ferčič [PCklinika] <and...@pcklinika.si> wrote:

> Thanks for the reply
>
> VPN with OpenVPN is not a problem at all. I have problems resolving route
> in OpenVPN. If I add an additional interface based on openvpnc, because I will
> need it later when defining gateways, the VPN stops. There is still an active
> connection, but ECHO request does not reply anymore.
>
> Here is a guide to set all traffic From Site A over VPN to Site B >
> Internet
> https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
> , but I want only my destination 172.29.0.0/16 through the tunnel,
> everything else should use local GW.
>
> Regards,
>
> Andrej
>
>
It sounds like you are setting it up wrong completely and do not understand
how it works.  Your English is broken and I am having trouble understanding
what specifically you are asking.  I would follow that guide, get it
working, and go from there.

Web..
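
The setup discussed in this thread (TUN mode, a tls-auth key, and only 172.29.0.0/16 sent through the tunnel while everything else uses the local gateway) can be checked mechanically. The following is an added example, not part of any post in the thread: a small Python audit of an OpenVPN client config. The sample config, the host name `vpn.example.net` and the file name `ta.key` are constructed placeholders, and the check assumes routes are written as numeric `route <network> <netmask>` lines in the file itself (routes pushed by the server are not visible here).

```python
import ipaddress

# Constructed sample client config (not from the thread); host and key file are placeholders.
SAMPLE_CLIENT_CONF = """\
client
dev tun
proto udp
remote vpn.example.net 1194
tls-auth ta.key 1
# only the special-services network goes through the tunnel
route 172.29.0.0 255.255.0.0
"""

def parse_directives(text):
    """Return (directive, [args]) pairs, skipping '#' and ';' comments and blank lines."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            out.append((parts[0].lower(), parts[1:]))
    return out

def audit(text, wanted="172.29.0.0/16"):
    """Return a list of findings; an empty list means the config is a split tunnel for `wanted`."""
    wanted_net = ipaddress.ip_network(wanted)
    directives = parse_directives(text)
    names = {d for d, _ in directives}
    findings = []
    dev = next((a[0] for d, a in directives if d == "dev" and a), "")
    if not dev.startswith("tun"):
        findings.append("dev is not tun (layer 3)")
    if "redirect-gateway" in names:
        findings.append("redirect-gateway sends ALL traffic through the tunnel")
    if "tls-auth" not in names:
        findings.append("no tls-auth key configured")
    routes = set()
    for d, a in directives:
        if d == "route" and a:
            # OpenVPN treats a route without a netmask as a host route
            mask = a[1] if len(a) > 1 else "255.255.255.255"
            routes.add(ipaddress.ip_network(f"{a[0]}/{mask}", strict=False))
    if wanted_net not in routes:
        findings.append(f"missing route for {wanted}")
    for extra in sorted(routes - {wanted_net}, key=str):
        findings.append(f"unexpected extra route {extra}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CLIENT_CONF) or "OK: split tunnel for 172.29.0.0/16 only")
```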