I'm a relatively new convert from pfSense to opnsense. I've been happy with it, but I'm still unsure how to get my firewall rules configured correctly.
First, when I navigate to Firewall -> Rules, I have a ruleset for "OPENVPN" and a second ruleset for "OpenVPN". Is this correct? The all-caps one is from the Interface that I created that maps to "ovpns1". I'm unsure what the ruleset for "OpenVPN" came from, nor how/if to delete it.
Both of these rule sets are empty, except for some default rules on the OPENVPN for blocking bogon networks. When I connect to the VPN, I find that I can't even connect to the VPN's gateway (192.168.x.1) to get to opnsense. It feels like it's a firewall block, since the telnet command gets hung.
Is there some obvious thing I'm missing? Thanks much.
I've put a few screenshots showing the interfaces, the VPN rules, and the firewall logs, at this link: https://imgur.com/a/98vZ7nX
EDIT: I figured out what's wrong. I needed to set up the VPN server to listen on Interface "WAN" instead of Interface "any".
Bumping this with the hope that anyone has ideas?
Hi
I have these rules
(https://i.ibb.co/27ZdJYZ/openvpn-rules.png) (https://ibb.co/pvhdqrh)
I don't think you need to create an interface for an OpenVPN server.
There is more documentation at https://docs.opnsense.org/manual/vpnet.html#openvpn-ssl-vpn
cheers
-spider
Thanks. I realized I created that interface for VPN when I was trying to look at the live firewall log and wanted to watch all traffic on the interface. I deleted it and still don't seem to be able to reach the intranet, though the VPN seems intact.
While I'm not using opnvpn now, I remember using a guide back then to make it work. Maybe this full guide helps you.
https://homenetworkguy.com/how-to/configure-openvpn-opnsense/
Ok I've figured it out. I had the OpenVPN server set to listen on Interface "any". It needs to listen on Interface "WAN". D'oh!
thanks all!