SSLVPN connects but no traffic or Firewall denies

Hey All,

I just switched from OPNSense due to issues with PPPoE and XG worked beautifully to connect to my ISP first try, my entire LAN works marvelously.

I have setup SSLVPN, gone through every forum post I can find but no dice.

Topo:

Port 1: ESX Vswitch - LAN - 10.10.10.0/24

Port 2:  ESX Vswitch - ISP - (Public IP)

VPN : 10.81.234.5-30 .5 is gateway

I can use the XG interface and ping devices on my lan.

I can connect to the VPN successfully, routes are created on the client (tried both openvpn and Sophos client)

I *cannot* ping the VPN internal gateway from the client (10.81.234.5 from the .6 DHCP address) nor can I access any other resources.

I have created the firewall rules VPN - LAN and reverse as well with any/all permitted.

I have confirmed I don't have a specific interface assigned on the permitted networks.

I don't see firewall traffic denying the VPN.

I have enabled ping on the internal interface of the XG and I can't ping my printer and I swear I could ping it from Neptune, so it has no host restrictions etc.

I believe I have checked every post on the topic in the last 5 years.

My last headache, I can access the admin interface but I'm across the country from the unit itself so I can't SSH ATM.  I read about how easy this was so I just turned it on and went on my trip.  

Now I'm stuck unable to connect into my network.  

ONE thing I made work, was changing my LAN port to /8 as a test and I was able to access non-dhcp devices, so I appear to have a routing issue - at least that's my theory.  I returned it to /24 and I couldn't connect to anything.

Thoughts?

Parents Reply
  • Thanks  turning on packet capture made something start working.  No idea why it is working now when it wasn't when I posted this.

    I can now access any DHCP device, which is perfect. 

     

    Next step - why isn't my 'Default Tunnel' working.  Any pointers?  I have "Default tunnel" enabled but I am not getting DNS responses and using 'What is my IP' services I am showing my current location and not the firewall location. 

    Also - those requests aren't showing up in the same packet capture below (I tried Google and a few others - not even trying through VPN). 

     

     

Children
No Data