Hello,
I configured a VPN server on OPNsense. LAN network: 192.168.2.0/24, VPN network: 10.10.0.0/24.
VPN clients connect successfully to the server and I can surf the internet via the tunnel with gateway redirection.
However, I have an issue with routing with regard to reaching the LAN network. Firewall rules are attached.
I can see the following in the firewall live view when I try to reach the box 192.168.2.100:
lan 2022-04-13T21:44:49 10.10.0.6:51945 192.168.2.100:80 tcp let out anything from firewall host itself (direction out)
If I add a static route on my box so that 10.10.x.x is reached via 192.168.2.1, the problem is fixed. However, obviously I have a misconfiguration somewhere.
Appreciate your help,
Quote from: lello1231 on April 13, 2022, 08:54:33 PM
If I add a static route on my box so that 10.10.x.x is reached via 192.168.2.1
That means the firewall (and VPN endpoint) is not the default gateway on your box :)
Your solution is valid. If the VPN does not connect to your default gateway, you need an explicit route.
Bart...
I don't know if this is possible. Is there a way to make VPN traffic appear in the LAN network as local traffic (same-subnet IPs)? Basically I want to change the source IP of VPN traffic once it is on the LAN network:
192.168.2.x instead of 10.10.x.x
Quote from: lello1231 on April 13, 2022, 08:54:33 PM
I don't know if this is possible. Is there a way to make VPN traffic appear in the LAN network as local traffic (same-subnet IPs)?
Yes, put an outbound NAT on the OpenVPN interface. Firewall, NAT, Outbound: interface=OpenVPN, source=any, port=*, destination=LAN net, destination port=*, NAT address=LAN address NAT Port=*
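Bart's point about the default gateway, and the NAT workaround he suggests above, can both be checked with a small model of the LAN box's routing table: the reply from 192.168.2.100 follows that table, not the path the request came in on. This is an added example, not code from the thread or from OPNsense. It uses the thread's addresses and assumes the LAN box's default gateway is some other router, 192.168.2.254, which the thread never names.

```python
import ipaddress

# Addresses taken from the thread; the LAN box's default gateway is an
# assumption (the thread only says it is not the firewall).
FIREWALL_LAN = "192.168.2.1"      # OPNsense LAN address, also the VPN endpoint
LAN_BOX = "192.168.2.100"          # the host the VPN client tries to reach
VPN_CLIENT = "10.10.0.6"           # OpenVPN client address
OTHER_GATEWAY = "192.168.2.254"    # assumed default gateway of LAN_BOX

# Routing tables as (prefix, next hop) pairs; next hop None means on-link.
BOX_TABLE = [
    ("192.168.2.0/24", None),        # connected LAN
    ("0.0.0.0/0", OTHER_GATEWAY),    # default route, not via the firewall
]
BOX_TABLE_WITH_STATIC = BOX_TABLE + [
    ("10.10.0.0/24", FIREWALL_LAN),  # the static route lello1231 added
]


def next_hop(table, dst):
    """Longest-prefix match over a routing table, as a host kernel does it.

    Returns the next-hop address, or the destination itself when the
    matching route is on-link (the host ARPs for it directly).
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    if best_net is None:
        raise LookupError(f"no route to {dst}")
    return str(addr) if best_hop is None else best_hop


def reply_reaches_firewall(table, source_seen_by_box):
    """True if LAN_BOX's reply to a connection from this source goes back to
    the firewall, i.e. routing is symmetric and the VPN client gets the reply."""
    return next_hop(table, source_seen_by_box) == FIREWALL_LAN


def scenarios():
    """The three states discussed in the thread, keyed by a short label."""
    return {
        # Request arrives from the firewall with source 10.10.0.6, but the
        # reply follows the box's default route to another router.
        "no static route, no NAT": reply_reaches_firewall(BOX_TABLE, VPN_CLIENT),
        # Static route on the box: 10.10.0.0/24 via 192.168.2.1.
        "static route on the box": reply_reaches_firewall(BOX_TABLE_WITH_STATIC, VPN_CLIENT),
        # Outbound NAT rewrites the source to the firewall's LAN address, so
        # the box sees an on-link peer and replies to the firewall directly.
        "outbound NAT to LAN address": reply_reaches_firewall(BOX_TABLE, FIREWALL_LAN),
    }


if __name__ == "__main__":
    print("reply to 10.10.0.6 without static route ->", next_hop(BOX_TABLE, VPN_CLIENT))
    print("reply to 10.10.0.6 with static route    ->", next_hop(BOX_TABLE_WITH_STATIC, VPN_CLIENT))
    print("reply to 192.168.2.1 (after NAT)         ->", next_hop(BOX_TABLE, FIREWALL_LAN))
    for label, ok in scenarios().items():
        print(f"{label:28s} symmetric={ok}")
```

The first row is the asymmetric case from the original post: the firewall log shows the request leaving towards 192.168.2.100, but the reply is handed to the box's own default gateway, which has no tunnel to 10.10.0.6. The static route row is what lello1231 already tried (on a Linux host, `ip route add 10.10.0.0/24 via 192.168.2.1`); the NAT row models what the outbound NAT rule is meant to produce on the LAN side, which is why the source address seen on the LAN interface is the thing to verify.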
Quote from: bartjsmit on April 14, 2022, 02:55:28 PM
Quote from: lello1231 on April 13, 2022, 08:54:33 PM
I don't know if this is possible. Is there a way to make VPN traffic appear in the LAN network as local traffic (same-subnet IPs)?
Yes, put an outbound NAT on the OpenVPN interface. Firewall, NAT, Outbound: interface=OpenVPN, source=any, port=*, destination=LAN net, destination port=*, NAT address=LAN address NAT Port=*
Hello,
I set the outbound NAT entry as advised:
OpenVPN any * LAN net * LAN address * NO
However, it didn't work. I can still see the source IP as 10.10.0.6 on the LAN network:
lan 2022-04-14T18:41:03 10.10.0.6:49681 192.168.2.100:80 tcp let out anything from firewall host itself
Any more ideas, guys?
Your next step is a deep dive with packet traces and firewall log analysis. Capture packets at source, on the firewall and at the destination and use Wireshark to see where the connection fails.
Bart...
The connection does not fail. On the LAN interface, I can see the incoming VPN traffic with source IP 10.10.0.6.
What I wanted is to change the source IP from 10.10.0.6 to an IP address that belongs to the LAN network (192.168.2.x).
I tried your suggestion of putting an outbound NAT on the OpenVPN interface:
Firewall, NAT, Outbound: interface=OpenVPN, source=any, port=*, destination=LAN net, destination port=*, NAT address=LAN address NAT Port=*
but this rule is not changing the source IP, as you can see in the trace below:
lan 2022-04-13T21:44:49 10.10.0.6:51945 192.168.2.100:80 tcp
Another thing: does the OpenVPN interface need to be created in the Interfaces section for the outbound NAT to work correctly?