OPNsense Forum

English Forums => Virtual private networks => Topic started by: BShoppy on August 16, 2023, 11:28:05 pm

Title: Site-to-Site OpenVPN not working from outside OPNSense
Post by: BShoppy on August 16, 2023, 11:28:05 pm
I've set up a Site-to-Site OpenVPN configuration on 23.7 using the new instances following the steps at:
https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html

It's connecting to an OpenVPN Access Server, not another OPNSense instance, but that shouldn't matter.

The connection comes up fine, and from the OPNSense router itself, I can access everything just fine. But from all computers in my local LAN, I can't access anything. With a ping, firewall logs show a packet going out, but nothing coming back - either blocked or allowed.

Any thoughts on what I am missing?
Title: Re: Site-to-Site OpenVPN not working from outside OPNSense
Post by: bartjsmit on August 17, 2023, 09:09:54 am
Quote
Any thoughts on what I am missing?

A return route on the far end :)

Hosts on the remote network need a static route to your LAN to go via the tunnel. Otherwise they send the reply packets to their default route, where the first internet router will promptly drop them (for being in the RFC1918 ranges).

If you control the remote default gateway, set the route there for ease of management (single point of config).

Bart...
Title: Re: Site-to-Site OpenVPN not working from outside OPNSense
Post by: BShoppy on August 17, 2023, 06:09:51 pm
Quote
A return route on the far end :)

That was pretty much it. The host network on the far end had the return route, but the VPN configuration on that end didn't have the local network in there  :-[

Added that and now it's all working perfectly.

Thanks!
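
The return path discussed in this thread, modelled as an added example (not code from any poster or from the OPNsense project): it traces where the far end sends a ping reply using longest-prefix-match route lookups. All addresses, device names and the far-end topology are constructed, and it assumes traffic originating on the OPNsense box itself is sourced from its tunnel address.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace_reply(tables, dst, start="remote-host"):
    """Follow a reply packet for dst hop by hop through the far-end devices."""
    path, node = [start], start
    while node in tables and len(path) < 8:  # hop limit guards against loops
        node = next_hop(tables[node], dst)
        path.append(node)
    if node == "internet" and ipaddress.ip_address(dst).is_private:
        path.append("DROPPED")  # RFC 1918 destination is not routable there
    return path

# Constructed addressing: local LAN 192.168.10.0/24 behind OPNsense,
# tunnel network 10.8.0.0/24, remote LAN behind "remote-gateway".
LOCAL_LAN = "192.168.10.0/24"

def far_end(gateway_has_route, vpn_knows_lan):
    """Build the far-end routing tables (hypothetical topology)."""
    tables = {
        "remote-host": [("0.0.0.0/0", "remote-gateway")],
        "remote-gateway": [("10.8.0.0/24", "vpn-server"),
                           ("0.0.0.0/0", "internet")],
        "vpn-server": [("10.8.0.0/24", "tunnel"), ("0.0.0.0/0", "internet")],
    }
    if gateway_has_route:   # static return route on the remote default gateway
        tables["remote-gateway"].append((LOCAL_LAN, "vpn-server"))
    if vpn_knows_lan:       # local network listed in the far-end VPN config
        tables["vpn-server"].append((LOCAL_LAN, "tunnel"))
    return tables

if __name__ == "__main__":
    cases = [("ping from OPNsense itself", "10.8.0.2", True, False),
             ("LAN host, no return route", "192.168.10.50", False, False),
             ("LAN host, route set, VPN config incomplete", "192.168.10.50", True, False),
             ("LAN host, both in place", "192.168.10.50", True, True)]
    for label, dst, gw, vpn in cases:
        hops = trace_reply(far_end(gw, vpn), dst)
        print(f"{label:45} {' -> '.join(map(str, hops))}")
```
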