
Allow 3rd Party WireGuard VPN to Access LAN resources from offsite Server

Hello everyone :)
I am struggling with the following:

The customer has a MikroTik router that connects via WireGuard VPN to a remote Windows Server in a datacentre.
The MikroTik router is the VPN client, the Windows Server is the VPN server.
The employees are supposed to print from the remote Windows Server to local LAN printers.

Setup:
Local LAN 192.168.5.0 /24
VPN: 10.19.15.0 /24

In SFOS 19 I only needed to set a static route for 10.19.15.0/24 with the gateway (MikroTik router) on br0 to make it work.
Since upgrading to SFOS 20 the VPN connection suddenly stopped working.

Which rules do I need to set in place to tell the XGS that:
- Data from the VPN 10.19.15.0/24 is okay to access the local LAN (the logs tell me that the XGS can't associate the MikroTik VPN traffic with any connection).

Thanks

EDIT: We managed to establish the VPN connection again by switching the port. The connection itself is still... "kinda buggy". If I ping a printer from the remote server, 5/7 (ish) pings go through, 2 get dropped by the firewall: "invalid traffic" // source: internal printer IP / target: VPN IP of the remote server / "Could not associate packet to any connection."
[edited by: Rene Böhres at 2:30 PM (GMT -7) on 27 May 2024]
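The log line quoted in the post, "Could not associate packet to any connection", is what a stateful packet filter reports when a packet matches no entry in its connection table. The toy model below is an added example (not Sophos code, not anything from the original post) that replays a constructed trace of 7 pings from the remote server (10.19.15.1) to the printer (192.168.5.96) through a minimal connection tracker. It assumes one plausible way the symptom can arise: the firewall sees every echo-reply from the printer but only some of the echo-requests that created the flows, so replies for the requests it never saw are dropped as unassociated. Whether that is the actual path of the traffic in this setup is an assumption of the example; the ICMP id per ping, the 30-second entry timeout and the single "VPN subnet may enter the LAN" rule are also assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Addresses taken from the thread; the traffic trace built from them is constructed.
VPN_NET = ipaddress.ip_network("10.19.15.0/24")
LAN_NET = ipaddress.ip_network("192.168.5.0/24")
PRINTER = "192.168.5.96"
SERVER = "10.19.15.1"

ICMP_TIMEOUT = 30.0  # seconds an idle ICMP entry survives in the table (assumed value)
NO_CONN = "Could not associate packet to any connection"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str      # "echo-request" or "echo-reply"
    icmp_id: int   # the model gives each ping its own id so flows stay independent (assumption)
    ts: float      # constructed timestamp in seconds


@dataclass
class ConnTracker:
    """Toy stateful filter: a reply is accepted only if the firewall has already
    seen the request that created the connection entry for it."""
    table: dict = field(default_factory=dict)   # (initiator, responder, icmp_id) -> last seen ts
    log: list = field(default_factory=list)     # (packet, verdict, reason)

    def _policy_allows(self, pkt):
        # The only rule in this model: hosts in the VPN subnet may initiate traffic into the LAN.
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return src in VPN_NET and dst in LAN_NET

    def _expire(self, now):
        stale = [k for k, t in self.table.items() if now - t > ICMP_TIMEOUT]
        for k in stale:
            del self.table[k]

    def process(self, pkt):
        self._expire(pkt.ts)
        if pkt.kind == "echo-request":
            if not self._policy_allows(pkt):
                self.log.append((pkt, "DROP", "no rule allows this flow"))
                return "DROP"
            self.table[(pkt.src, pkt.dst, pkt.icmp_id)] = pkt.ts
            self.log.append((pkt, "ALLOW", "new connection"))
            return "ALLOW"
        # echo-reply: accepted only when it matches a tracked request in the reverse direction
        key = (pkt.dst, pkt.src, pkt.icmp_id)
        if key in self.table:
            self.table[key] = pkt.ts
            self.log.append((pkt, "ALLOW", "reply matches connection"))
            return "ALLOW"
        self.log.append((pkt, "DROP", NO_CONN))
        return "DROP"


def build_trace(seen_requests):
    """Constructed trace: 7 pings server -> printer. The firewall sees every reply
    but only the requests whose index is in `seen_requests`; the rest are assumed
    to have reached the printer by a path the firewall never inspected."""
    pkts = []
    for i in range(7):
        t = float(i)
        if i in seen_requests:
            pkts.append(Packet(SERVER, PRINTER, "echo-request", 100 + i, t))
        pkts.append(Packet(PRINTER, SERVER, "echo-reply", 100 + i, t + 0.01))
    return pkts


def run(seen_requests):
    """Return (replies passed, replies dropped as unassociated, full log)."""
    fw = ConnTracker()
    for p in build_trace(seen_requests):
        fw.process(p)
    replies = [(p, v, why) for p, v, why in fw.log if p.kind == "echo-reply"]
    passed = sum(1 for _, v, _ in replies if v == "ALLOW")
    unassoc = sum(1 for _, _, why in replies if why == NO_CONN)
    return passed, unassoc, fw.log


if __name__ == "__main__":
    # Firewall sees 5 of the 7 requests: expect 5 replies passed, 2 dropped as unassociated.
    passed, unassoc, log = run(seen_requests={0, 1, 2, 4, 6})
    for p, verdict, why in log:
        print(f"{p.ts:5.2f} {p.src:>14} -> {p.dst:<14} {p.kind:12} {verdict:5} {why}")
    print(f"replies passed: {passed}, replies dropped as unassociated: {unassoc}")
```

The useful check when reading the real log is therefore not the reply packet itself but whether the firewall ever logged the matching request (printer-bound traffic from the VPN subnet) for that flow: a steady stream of "could not associate" drops on replies with no corresponding new-connection entries points at the two directions of the flow taking different paths, while drops that appear only after a quiet period point at entry timeouts.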
  • It's not very complicated in terms of setup, so a diagram would probably be overkill.

    Local LAN 192.168.5.0 /24
    Printer 192.168.5.96 /24


    VPN: 10.19.15.0 /24
    "VPN Box" 192.168.5.31 / 10.19.15.1
    Windows Server 10.19.15.1/24

    ISP Router Lan: 192.168.6.0/24

    Local Lan: 192.168.5.0 -> ISP Router LAN

    In the "Local LAN" is a small router (let's call it VPN Box) that connects as a WireGuard VPN client to a Windows Server that is a WireGuard VPN
    The VPN Box has a LAN address (let's say 192.168.5.31) as well as a VPN address (say 10.19.15.2), and the Windows Server (10.19.15.1)
    Printers from the local LAN are installed on the Windows Server so employees can print locally.
    Right now the connection to the Windows Server in the cloud works, but if I ping the printers from the Windows Server I get like 6 successes and 4 fails.

    I had to black out a bunch of stuff, since this firewall is set up for 2 companies (sorry).