I have a NAT Port Forward rule in OPNsense to the local mail server.
When I connect from outside with the iPhone on 4G over VPN (OpenVPN on OPNsense with Redirect Gateway on) and look at the live firewall log, I see that the REAL IP of the iPhone hits the port forward rule. Shouldn't it be the OpenVPN virtual IP that gets through?
Can it be that this is since version 21.7?
Or how do I let the outside devices go to the LAN with the VPN virtual IP? e.g. 10.8.0.0/24
Could it be that with 21.7 this old bug has resurfaced in some other manner?
====
Quote: I have had the same issue after upgrading from 16.x.
You have to create an Alias (Firewall -> View -> Aliases) called WANIP with the primary IP address of your router (so the WAN Address).
After that, change the rule that has WAN Address in it and set the Destination address to your newly created alias. After that everything starts working.
It seems that the bug is that instead of WAN Address being used, the WAN NET is being used in the port forward.
======
I tried the above, with no difference, but the problem spoken about here:
https://forum.opnsense.org/index.php?topic=5312.0
looks the same?
Looks like it had to do with a missing NAT outbound rule:
Interface (LAN) - source (any) - source port (*) - Destination (*) - Destination port (*) - NAT Address (interface address) - NAT port (*) - Static port (NO)
Now it works, but now I have to narrow this rule down to something instead of any, I think....
Hmm... I tried some different settings in the outbound rule.
When:
- changing the source to my VPN network address -> after some time, the iPhone 4G email stops working. It looks like it takes a couple of minutes before the changed outbound rule takes effect.
- changing the source to the IP range of OpenVPN -> same result - stops working
- changing the source to <LAN address> (I learned earlier that this is the OPNsense IP address on the LAN only) -> same result, stops working
- changing the source to <LAN Network> -> same result
- changing the source to OpenVPN network -> same result - stops working
- changing the source to This Firewall -> I can receive emails on my MacBook Pro on local Wi-Fi and send an email to my own email server e-mail account. Replying to that email (with my own email server) is not working....
- changing the source to any -> everything is working again.... I find this very strange... I should be able to narrow this rule, in my opinion.
And when the source is any -> on my iPhone 4G - NOT connected to VPN - getting email and sending email in the mail app for my own mail server works as well....
I surely do not know what is causing all this. I have on my Synology firewall a rule to only accept ports 587 and 993 from the LAN IP range and the VPN IP range.
So when the VPN is not on on the iPhone 4G, it should not accept email.... But it does... It looks to me that there is a flaw in OPNsense 21.7 that lets the connection through with the IP 192.168.1.1 (the IP of OPNsense)?
What is causing this? OpenVPN fault? OPNsense 21.7 fault? Or my fault, in what?
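The port forward and the outbound NAT rule from this thread, written out in pf syntax as an added example (not from the original posts and not OPNsense's own generated ruleset); the interface names, the mail server address 192.168.1.10 and the 10.8.0.0/24 tunnel network are assumptions taken from or constructed for the thread:

```pf
# Constructed values; 10.8.0.0/24 is the tunnel network named in the thread.
wan_if  = "igb0"
lan_if  = "igb1"
vpn_net = "10.8.0.0/24"
mailsrv = "192.168.1.10"       # assumed address of the Synology mail server

# Port forward (NAT -> Port Forward): WAN ports 587/993 to the mail server.
rdr on $wan_if inet proto tcp from any to ($wan_if) port { 587, 993 } -> $mailsrv

# Outbound NAT rule as described in the thread: source "any", NAT address =
# interface address. Every packet leaving the LAN interface is rewritten to the
# firewall's LAN address, so the mail server sees 192.168.1.1 both for VPN
# clients AND for Internet clients arriving through the rdr above. A filter on
# the mail server that allows the LAN range therefore also admits those Internet
# clients, which is the behaviour the last post asks about.
nat on $lan_if inet from any to any -> ($lan_if)

# Narrowed form (load one of the two nat rules, not both): only the OpenVPN
# tunnel network is masqueraded; WAN-forwarded connections keep their real
# source address and are judged by the mail server's own filter as intended.
nat on $lan_if inet from $vpn_net to $mailsrv -> ($lan_if)
```

Connections that already exist keep the translation they were created with until their state expires or is flushed (`pfctl -F states`), which is one reason a changed outbound rule can appear to take minutes to take effect; `pfctl -sn` lists the loaded NAT rules and `pfctl -ss` the current states, so the translated source address the mail server actually sees can be checked there.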