OPNsense Forum

English Forums => Virtual private networks => Topic started by: abrue on February 18, 2024, 12:54:44 AM

Title: OpenVPN Site to Site - Clients can't reach openvpn
Post by: abrue on February 18, 2024, 12:54:44 AM
Dear community

After intense reading in this forum and on other sites of the internet, I permit myself to create a new post.

My problem is the following:
I have an established VPN site-to-site connection. On the OPNsense machine (OpenVPN client) I can ping everything on the OpenVPN server side. But from a random machine on the client side no traffic goes through the OpenVPN tunnel.


My configuration is the following:

Network diagram (see attachment)

OpenVPN server config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network: 192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked


Client Specific Overrides
IPv4 Remote Network: 192.168.0.0/24

OpenVPN client config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network: 192.168.178.0/24


Client side (192.168.0.3): Firewall: Rules: LAN
in   IPv4   LAN net   *   *    *   *   *


Client side (192.168.0.3): Firewall: Rules: OpenVPN
in   IPv4   *   *   *    *   *   *
out   IPv4   *    *   *    *   *    *


VPN: OpenVPN: Connection Status
client s2s_BW02-LS50 *.*.*.* 172.31.5.2 2024-02-17 23:25:13 248.13 KB 227.71 KB connected


System: Routes: Status on the OPNsense OpenVPN client

...
ipv4 default 192.168.0.1 UGS NaN 1500 vtnet0 lan
ipv4 127.0.0.1 link#2 UH NaN 16384 lo0 Loopback
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpnc1
ipv4 172.31.5.2 link#7 UHS NaN 16384 lo0 Loopback
ipv4 192.168.0.0/24 link#1 U NaN 1500 vtnet0 lan
ipv4 192.168.0.3 link#1 UHS NaN 16384 lo0 Loopback
ipv4 192.168.178.0/24 172.31.5.1 UGS NaN 1500 ovpnc1



More detailed problem description:
On a random server/computer on the client side (192.168.0.0/24) I am unable to access the server-side network (192.168.178.0/24).

Here is a traceroute:
1     1 ms     1 ms     1 ms  gw [192.168.0.1]
  2     4 ms     6 ms     6 ms  fw.intra.brue.ch [192.168.0.3]
  3     *        *        *     Zeitüberschreitung der Anforderung.
  4     *        *        *     Zeitüberschreitung der Anforderung.
  5     *        *        *     Zeitüberschreitung der Anforderung.


But from the OPNsense OpenVPN client (192.168.0.3), I can ping everything on the server side:

Description              Hostname Source Send Received Min Max Avg loss
192.168.0.202 27 27 0.291 6.681 0.916 0.00 %
192.168.178.1 29 29 23.501 33.995 26.449 0.00 %
172.31.5.1 29 29 22.345 30.46 25.602 0.00 %
172.31.5.2 29 29 0.182 1.536 0.528 0.00 %




Btw:
The whole configuration worked before. Then a certificate (or more precisely the CA) ran out of date. The only thing I changed:
I've no clue why the whole thing now doesn't work.
I really appreciate your help!
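Added example (my own, not the poster's and not OPNsense code): a small Python checker that parses route tables in the column layout the post shows under System: Routes: Status and verifies, for one LAN host on each side, that the forward packet leaves the client firewall through the tunnel interface and that the reply on the server side is routed back through the tunnel as well. The client table is the one from the post; the server-side table, its interface names (ovpns1, vtnet1) and the default gateway 192.168.178.254 are constructed assumptions, since the post does not include the server's routes. The second server table deliberately lacks the return route to 192.168.0.0/24 to show what the checker reports when the client-specific override has not taken effect.

```python
import ipaddress

# Constructed sample input: the route table of the OPNsense OpenVPN client,
# copied from the post (System: Routes: Status), same column layout.
CLIENT_ROUTES = """\
ipv4 default 192.168.0.1 UGS NaN 1500 vtnet0 lan
ipv4 127.0.0.1 link#2 UH NaN 16384 lo0 Loopback
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpnc1
ipv4 172.31.5.2 link#7 UHS NaN 16384 lo0 Loopback
ipv4 192.168.0.0/24 link#1 U NaN 1500 vtnet0 lan
ipv4 192.168.0.3 link#1 UHS NaN 16384 lo0 Loopback
ipv4 192.168.178.0/24 172.31.5.1 UGS NaN 1500 ovpnc1
"""

# Hypothetical route table of the OpenVPN *server* (not in the post). The tunnel
# interface name "ovpns1", "vtnet1" and the WAN gateway are assumptions. The
# 192.168.0.0/24 entry is the return route that the client-specific override
# (IPv4 Remote Network 192.168.0.0/24) is meant to install on the server.
SERVER_ROUTES_OK = """\
ipv4 default 192.168.178.254 UGS NaN 1500 vtnet0 wan
ipv4 172.31.5.0/28 link#7 U NaN 1500 ovpns1
ipv4 192.168.0.0/24 172.31.5.2 UGS NaN 1500 ovpns1
ipv4 192.168.178.0/24 link#1 U NaN 1500 vtnet1 lan
"""

# Same table without the return route: forward traffic still arrives, but the
# server would send replies to 192.168.0.x via its default gateway, not the tunnel.
SERVER_ROUTES_NO_RETURN = "\n".join(
    line for line in SERVER_ROUTES_OK.splitlines()
    if not line.startswith("ipv4 192.168.0.0/24")
) + "\n"


def parse_routes(text):
    """Parse 'ipv4 <dest> <gateway> <flags> <use> <mtu> <iface> [desc]' lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] != "ipv4":
            continue  # skip headers, '...' markers and IPv6 rows
        dest = parts[1]
        net = (ipaddress.ip_network("0.0.0.0/0") if dest == "default"
               else ipaddress.ip_network(dest, strict=False))  # host rows become /32
        routes.append({"net": net, "gw": parts[2], "flags": parts[3], "iface": parts[6]})
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the route the kernel would pick for addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for r in routes:
        if ip in r["net"] and (best is None or r["net"].prefixlen > best["net"].prefixlen):
            best = r
    return best


def check_path(client_routes, server_routes, client_host, server_host,
               client_tunnel_if, server_tunnel_if):
    """Return findings for client_host -> server_host and the reply back.
    An empty list means both directions use the tunnel interface."""
    findings = []
    fwd = lookup(client_routes, server_host)
    if fwd is None or fwd["iface"] != client_tunnel_if:
        findings.append(f"client: {server_host} leaves via "
                        f"{fwd['iface'] if fwd else 'no route'}, expected {client_tunnel_if}")
    rev = lookup(server_routes, client_host)
    if rev is None or rev["iface"] != server_tunnel_if:
        findings.append(f"server: reply to {client_host} leaves via "
                        f"{rev['iface'] if rev else 'no route'}, expected {server_tunnel_if} "
                        f"(no return route for the client LAN; check the client-specific override)")
    return findings


def run_demo():
    """Check the post's client table against both constructed server tables."""
    client = parse_routes(CLIENT_ROUTES)
    return {
        "with_return_route": check_path(client, parse_routes(SERVER_ROUTES_OK),
                                        "192.168.0.202", "192.168.178.1", "ovpnc1", "ovpns1"),
        "without_return_route": check_path(client, parse_routes(SERVER_ROUTES_NO_RETURN),
                                           "192.168.0.202", "192.168.178.1", "ovpnc1", "ovpns1"),
    }


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, "->", findings or "ok")
```

The checker only covers the routing table on each side; pf rules on the LAN and OpenVPN interfaces, outbound NAT and the OpenVPN server's own internal routing (the iroute that the client-specific override generates) are separate things to inspect, and a path that passes this check can still be blocked by them.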