OPNsense Forum

English Forums => Virtual private networks => Topic started by: SideOfRanch on March 13, 2023, 11:37:26 PM

Title: Newbie following OpnSense Road Warrior OpenVPN guide not working
Post by: SideOfRanch on March 13, 2023, 11:37:26 PM
I'm on vacation and trying to get my new OpnSense server configured for OpenVPN. I have access via a server with TeamViewer installed that's on my local  So I've gone through the guide twice fully and rebuilt everything after feeling more confident where I might've gone wrong.

Guide I'm referencing and happy to propose doc modifications, if I can figure out where I went wrong: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

I'm able to connect with my user ID using MFA but then I can't access internet through the VPN or any of my LAN servers.

A few parts of the guide don't line up to the most recent interface but most of it did.

1. In the provided screenshots for the firewall rules on WAN and OpenVPN it isn't clear what order to put them in. I have a bunch of default rules in two folders. By default, it put both of the rules below the folders. I cannot figure out if that might be causing the issue? I'm using a vanilla install with almost no customization at the moment.
2. The page that seems to have the most variation to the guide is the OpenVPN server configuration. Here is the recommended configuration on that page above:
(Sorry for the formatting below, on my cell but will fix when I can. Format is setting {line return} configuration recommendation.)
Description
My SSL VPN Server

Server Mode
Remote Access (SSL/TLS + User Auth)

Backend for authentication
TOTP VPN Access Server

Protocol
UDP

Device Mode
tun

Interface
WAN

Local port
1194

TLS Authentication
Leave both on enabled (checked)

Peer Certificate Revocation List
N/A

Server Certificate
SSLVPN Server Certificate (CA: SSL VPN CA)

DH Parameters Length
4096 bit

Encryption algorithm
AES-256-CBC (256-bit key, 128-bit block)

Auth Digest Algorithm
SHA512 (512-bit)

Certificate Depth
One (Client+Server)

IPv4 Tunnel Network
10.10.0.0/24

IPv6 Tunnel Network
Leave Empty

Redirect Gateway
Leave Unchecked

IPv4 Local Network/s
192.168.1.0/24

IPv6 Local Network/s
Leave Empty

IPv4 Remote Network/s
Leave Empty

IPv6 Remote Network/s
Leave Empty

Concurrent connections
Leave Empty

Compression
Enabled with Adaptive Compression

Type-of-Service
Leave Unchecked

Duplicate Connections
Leave Unchecked

Disable IPv6
Checked

Dynamic IP
Leave Unchecked

Address Pool
Leave Checked

Topology
Leave Unchecked

DNS Default Domain
Leave Unchecked

DNS Servers
Leave Unchecked

Force DNS cache update
Leave Unchecked

NTP Servers
Leave Unchecked

NetBIOS Options
Leave Unchecked

Client Management Port
Leave Unchecked

Renegotiate time
0

1. No option to disable IPv6
2. Compression recommendation doesn't directly match any available setting
Title: Re: Newbie following OpnSense Road Warrior OpenVPN guide not working
Post by: bartjsmit on March 14, 2023, 08:31:01 AM
Try Kirk for an alternative guide: https://kirkg.us/building-an-openvpn-server-with-opnsense/

Enjoy your break!

Bart...
Title: Re: Newbie following OpnSense Road Warrior OpenVPN guide not working
Post by: SideOfRanch on March 15, 2023, 12:34:05 AM
Dang, wish the wizard was more clear from the outset, but I got it working with this! Thank you. Still have some kinks to work out but generally it's connected on both my mobile phone and my laptop, so that's great!