wan <--> opnsense (vpn_gw) <--------> VLAN20 --- desktop
                            \-------> VLAN60 --- server1 (openvpn client)
My first OPNsense setup, and I'm struggling with the routing configuration.
The server on VLAN60 is reachable from VLAN20.
The moment server1 starts its own OpenVPN client the routes change and I cannot reach it from VLAN20; desktops in VLAN60 are still able to reach it, though.
I need help, my attempts with single gw and routes config were futile. :'(
OpenVPN client stopped (server reachable from any allowed local client):
root@broken-vpn:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.60.1 0.0.0.0 UG 100 0 0 eth0
10.10.60.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
OpenVPN client running (only reachable from VLAN60):
root@broken-vpn:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.10.60.1 0.0.0.0 UG 100 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.60.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
143.244.41.17 10.10.60.1 255.255.255.255 UGH 0 0 0 eth0
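To see why the second table breaks cross-VLAN access, here is an added example (not from the thread or from OPNsense) that replays the kernel's route selection over the two `route -n` outputs above: longest prefix wins, so the two /1 routes via tun0 that the OpenVPN client installs capture every destination except the directly connected 10.10.60.0/24, and the reply to a VLAN20 desktop leaves through the tunnel instead of eth0. It assumes VLAN20 is 10.10.20.0/24 (the post does not give that subnet) and shows that a more specific route for it via 10.10.60.1 restores the eth0 path.

```python
import ipaddress

# route -n body lines from the post, embedded as constructed sample input
VPN_DOWN = """\
0.0.0.0 10.10.60.1 0.0.0.0 UG 100 0 0 eth0
10.10.60.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
"""

VPN_UP = """\
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.10.60.1 0.0.0.0 UG 100 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.60.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
143.244.41.17 10.10.60.1 255.255.255.255 UGH 0 0 0 eth0
"""

# Assumed VLAN20 subnet; the thread never states it.
VLAN20_ROUTE = "10.10.20.0 10.10.60.1 255.255.255.0 UG 0 0 0 eth0"


def parse_routes(text):
    """Turn `route -n` body lines into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, int(metric), iface))
    return routes


def lookup(routes, dst):
    """Kernel-style choice: longest prefix first, lower metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]),
               key=lambda r: (r[0].prefixlen, -r[2]), default=None)
    return None if best is None else (best[1], best[3])


def reply_path(table_text, client_ip, extra_routes=()):
    """(gateway, iface) server1 would use to answer client_ip."""
    routes = parse_routes(table_text) + parse_routes("\n".join(extra_routes))
    return lookup(routes, client_ip)


if __name__ == "__main__":
    print("client stopped:", reply_path(VPN_DOWN, "10.10.20.5"))
    print("client running:", reply_path(VPN_UP, "10.10.20.5"))
    print("with VLAN20 route:", reply_path(VPN_UP, "10.10.20.5", [VLAN20_ROUTE]))
```

The VLAN60 desktops keep working because 10.10.60.0/24 is still the longest match for them; the fix belongs on server1 (a specific route or policy rule for the other VLAN), not only in OPNsense.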
Why in the world is server1 an OpenVPN client? Anyway, once you are in VPN mode the locals and other routes should not be able to see or communicate with it, otherwise what's the purpose of the VPN. :D
The locals on the same VLAN can reach the VPN client even when OpenVPN is running.
I would just like to know how to configure OPNsense to allow me to reach the VPN client from another VLAN.