Hello,
For some weeks I have been trying to connect to my new OPNsense via OpenVPN.
The OpenVPN connection works fine, but I can only reach the WebGUI via OpenVPN.
Internal traffic to my LAN is not possible, although my firewall rules are open/allowed and the firewall log is all green.
OPNsense IP: 10.10.10.99
my internal Network: 10.10.0.0/16
current OpenVPN config:
protocol:UDP
DeviceMode: tun
LocalPort 1194
IPv4 Tunnel network:
- 10.10.102.0/24
IPv4 Local Network:
- 10.10.0.0/16
I can connect to my OpenVPN but only have access to the WebGUI/OPNsense.
All other connections via Web/ssh/ping to 10.10.0.0/16 are blocked or not possible.
But I can't find a solution/rule which blocks the traffic.
Perhaps somebody can help me find my error,
thanks in advance!!!
10.10.102.0/24 is part of 10.10.0.0/16 ...
Devices in your LAN in the network 10.10.0.0/16 think they can reach 10.10.102.0/24 directly, thus they do not send the packets to the opn box.
Your VPN network should be outside the LAN network.
Or you set up a route on each device, setting the opn box as gateway for the 10.10.102.0/24 network ...
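The return-path decision described in the reply above, as an added example that is not part of the original thread: it checks whether a tunnel network overlaps the LAN and which next hop a LAN host would choose for its reply to a VPN client. The host prefix, the client addresses and the second gateway `10.10.0.1` are constructed assumptions; only `10.10.10.99`, `10.10.10.130` and the networks come from the thread.

```python
import ipaddress

def tunnel_overlaps_lan(tunnel, lan):
    """True if the VPN tunnel network shares addresses with the LAN."""
    return ipaddress.ip_network(tunnel).overlaps(ipaddress.ip_network(lan))

def next_hop(host_if, static_routes, default_gw, dst):
    """Next hop a LAN host picks for dst, by longest-prefix match.

    host_if is the host's address with prefix; static_routes maps
    network -> gateway. "on-link" means the host ARPs for dst itself.
    """
    dst = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_interface(host_if).network, "on-link")]
    table += [(ipaddress.ip_network(n), gw) for n, gw in static_routes.items()]
    matches = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(matches)[1] if matches else default_gw

def reply_path(host_if, static_routes, default_gw, vpn_client, vpn_gw):
    """Classify where a LAN host sends its reply to a VPN client."""
    hop = next_hop(host_if, static_routes, default_gw, vpn_client)
    if hop == "on-link":
        return "on-link"  # reply never reaches the VPN gateway
    return "via-vpn-gateway" if hop == vpn_gw else "via-other-gateway"

HOST = "10.10.10.130/16"  # LAN host from the thread, prefix assumed from the LAN
OPN = "10.10.10.99"       # OPNsense address from the thread
OTHER_GW = "10.10.0.1"    # constructed: some other default gateway on the LAN

if __name__ == "__main__":
    # (label, static routes on the host, default gateway, constructed client IP)
    cases = [
        ("tunnel inside LAN", {}, OTHER_GW, "10.10.102.6"),
        ("tunnel inside LAN + host route", {"10.10.102.0/24": OPN}, OTHER_GW, "10.10.102.6"),
        ("tunnel outside LAN, other gateway", {}, OTHER_GW, "192.168.102.6"),
        ("tunnel outside LAN + host route", {"192.168.102.0/24": OPN}, OTHER_GW, "192.168.102.6"),
        ("tunnel outside LAN, OPNsense is gateway", {}, OPN, "192.168.102.6"),
    ]
    for label, routes, gw, client in cases:
        print(f"{label:42} -> {reply_path(HOST, routes, gw, client, OPN)}")
```

Only the cases that end in `via-vpn-gateway` give the reply a way back into the tunnel.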
Just changed my "IPv4 Tunnel Network" => 192.168.102.0/24
But same effect as before.
From OpenVPN I can ping/reach WebGUI (10.10.10.99) but all other internal IPs are not reachable (e.g. ping/ssh => 10.10.10.130)
Firewall log is still empty, btw. No red entries for these interfaces....
Try setting the tunnel network in
VPN: OpenVPN: Client Specific Overrides
I don't use clients.
I only have a "Road-Warrior" setup like here:
https://www.thomas-krenn.com/de/wiki/OPNsense_OpenVPN_f%C3%BCr_Road_Warrior_einrichten
At the moment I can only see incoming traffic to OpenVPN/WAN in my Firewall-Live-View.
Since changing the IPv4 Tunnel Network to 192.168.102.0/24, the WebGUI is also not reachable via OpenVPN.
Did a full reset and completely new install of OPNsense.....
OpenVPN login works.
But I can't reach the internal network and also the GUI.
Firewall is still all green and no rule seems to block, but I can't ping/reach the 10.10.0.0/16 network.
OpenVPN Network is 192.168.103.0/24.
All other settings are the same as before....
Did you add any firewall rule for your OpenVPN interface? The default is to block everything, even if the connection succeeds.
Yes, for testing the firewall is "open" to all on OpenVPN, WAN, LAN,....
Could you show us the rule on OpenVPN, please?
And the routing table on both sides could help ...
IMHO you should always ensure:
1. the connection is up and established
2. routing is as expected, i.e. traffic will know the right way
3. firewall is not blocking legitimate traffic
Hi,
first, thanks for your help!
My firewall rules are all "allowed" for testing, see attachments.
WAN1 settings, see attachment.
And my next post with OpenVPN settings.
And the last attachment is a Live-Log-View from the firewall, where I can see connections from OpenVPN to a test server (port 81) (192.168.101.6 => 10.10.10.1:81).
But I can't reach this server via ping/ssh/web from OpenVPN.