What I'm trying to achieve:
Client connected to OpenVPN server can access other machines on the LAN
Status:
VPN Client can connect and the LAN network is pushed to the client.
Routing table is set up correctly on the client: 192.168.16.0/24 -> 172.30.10.1
Problem:
When pinging a machine on the LAN network from the VPN client, the ping reply can't be routed back because the traffic has a source IP of 172.30.10.X.
I have enabled outbound NATing on the TAP1 interface, but it is not overwriting the source IP?
Main Router
Public IP: 1.2.3.4
Port Forward 1194 to 192.168.12.177
OPNsense Router: OPNsense 20.1.3-amd64
Server Mode: Remote Access (SSL/TLS)
Dev Mode: Tun
Topology: Subnet
WAN 192.168.12.177/24 (GW: 192.168.12.1)
LAN 192.168.16.25/24
TAP1 172.30.10.1/24
Outbound NAT Rule: // Hybrid Outbound NAT
Interface: TAP1
Source: 172.30.10.0/24
Destination: LAN net
NAT Address: LAN Address
tcpdump -i ovpns1:
16:19:52.669289 IP 172.30.10.2 > 192.168.16.222: ICMP echo request, id 1, seq 1447, length 40
16:19:57.526968 IP 172.30.10.2 > 192.168.16.222: ICMP echo request, id 1, seq 1448, length 40
Can anybody shed some light on this please?
Interface on outbound NAT should be LAN, always the leaving interface.
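To show what that answer means at the packet-filter level, here is the same outbound NAT rule in pf syntax, first bound to the wrong interface and then to the correct one. This is an added example, not from the thread and not the rule set OPNsense itself generates; the interface names ovpns1 (the VPN interface the question calls TAP1) and em1 (LAN) are assumptions.

```pf
# Added example, not from the thread. Assumed interface names:
#   ovpns1 = OpenVPN server interface (TAP1 in the question, 172.30.10.1/24)
#   em1    = LAN interface (192.168.16.25/24)
vpn_if  = "ovpns1"
lan_if  = "em1"
vpn_net = "172.30.10.0/24"
lan_net = "192.168.16.0/24"

# WRONG (what the question configured): the rule is bound to the interface
# the traffic ARRIVES on. pf evaluates "nat on <if>" only for packets
# LEAVING <if>, so an echo request that comes in on ovpns1 and goes out
# on em1 never matches, keeps its 172.30.10.x source, and LAN hosts with
# no route back to 172.30.10.0/24 cannot answer it.
# nat on $vpn_if inet from $vpn_net to $lan_net -> ($vpn_if)

# CORRECT (the answer above): bind the rule to the interface the traffic
# LEAVES on, the LAN. "-> ($lan_if)" translates the source to the LAN
# interface address, i.e. "NAT Address: LAN Address" in the GUI.
nat on $lan_if inet from $vpn_net to $lan_net -> ($lan_if)
```

To confirm the rewrite, capture on the LAN side rather than on ovpns1 (`tcpdump -ni em1 icmp`): after the fix the echo requests toward 192.168.16.222 leave with source 192.168.16.25 and the replies return to that address.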
@mimugmail Thank you very much! This works now!
Strange thing is, when I was still running OPNsense v19.7 I tried TAP1 & LAN as the interface and neither worked...