OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: rmsloan on February 11, 2021, 03:53:10 PM

Title: Issue with Wan firewall rule
Post by: rmsloan on February 11, 2021, 03:53:10 PM
I've been using PFSense for many years now and thought I'd take a look at OPNSense.

While setting up OpenVPN I came across a problem that I have not managed to resolve. All users / CA / certificates etc. are set up.

If I use the OpenVPN wizard, at the end of the process it should add two firewall rules for OpenVPN and WAN. It does apply the OpenVPN rule but not the WAN rule. If I try to set up the rule manually I get a 'no entry' icon when I try to add the destination port range.

I also tried to set up a port mapping to an internal web server. I can select the 'Single host or network' IP of the web server, but again I can't choose the destination port.

I'm using a dedicated mini PC with 8 GB RAM / 32 GB storage and 2 x gigabit ports, which I previously used for PFSense without any issues.

Has anybody else come across this problem, or am I missing something obvious?

Any help would be greatly appreciated.

Regards,

Robert.
Title: Re: Issue with Wan firewall rule
Post by: chemlud on February 11, 2021, 04:09:54 PM
Quote from: rmsloan on February 11, 2021, 03:53:10 PM
If I try to set up the rule manually I get a 'no entry' icon when I try to add the destination port range.

Did you choose IPv4 and UDP? Then you should be able to choose the destination port, in my experience.

No idea why the wizard-created rules should not work, I haven't used the wizard for a long time :-)
Title: Re: Issue with Wan firewall rule
Post by: rmsloan on February 12, 2021, 02:07:40 PM
Hi Chemlud,

Thanks for your reply. Selecting UDP or TCP did let me enter the port number OK, however still no joy with OpenVPN. So I set up a simple port mapping to a web server behind OPNSense and this didn't work either. The firewall rule is correct on Firewall - NAT - port forward and on Firewall - Rules - WAN, but the firewall logs are not even showing an attempt (firewall is set to show blocked, rejected and pass).

I'll describe below how this test network is configured, which I want to get working correctly before I move it to my main network.

Huawei B525s-23a (4G router)
LAN IP address 192.168.8.1

OPNSense
WAN IP 192.168.8.104
LAN IP 192.168.10.1

I connect via WiFi or ethernet on the Huawei device, so I'm essentially on the WAN of OPNSense, but when I try to connect to OpenVPN or to a web server port mapped to 192.168.10.201:8080 I get nothing at all in the logs.

As a test, on an identical box I'm using for OPNSense, I installed PFSense again (which I want to move away from), set it up with the same IP address details, set the same rules and connected it to the Huawei box. OpenVPN and the port map to the web server worked exactly the way they should.

I'm stumped as to why this is happening, so if you or anyone else has any further suggestions of what I could try, it would be greatly appreciated.

Regards,

Robert.

Title: Re: Issue with Wan firewall rule
Post by: chemlud on February 12, 2021, 02:29:42 PM
Most likely you stumble across this here:

https://forum.opnsense.org/index.php?topic=15900.0

But I would have debugged the tunnel settings for the OpenVPN before switching to a completely new setup...

Maybe only a minor mismatch in client/server config. No problems with OpenVPN tunnels even in mixed setups here. :-)