OPNsense Forum

English Forums => General Discussion => Topic started by: keesb on February 04, 2025, 05:33:57 PM

Title: WAN on a RFC1918 address is being blocked despite unchecking checkbox
Post by: keesb on February 04, 2025, 05:33:57 PM
Hi,

My setup is an OPNsense with its WAN port in a local network 172.16.16.0/24. The LAN port is configured as its default 192.168.1.1/24.
I've created an OpenVPN server with all the bells and whistles (CA, certs, etc).

The WAN interface definition has the "Block private network" disabled. So, I'm expecting that traffic from 172.16.16.0/24 is not blocked.

However, when a VPN client on the 172.16.16.0/24 network tries to connect it fails. In the filter log I see that incoming VPN packets on the WAN port are still being blocked.

What else do I need to do to let the VPN traffic pass?
-- Kees
Title: Re: WAN on a RFC1918 address is being blocked despite unchecking checkbox
Post by: dseven on February 04, 2025, 05:52:33 PM
Have you created a firewall rule to allow the inbound VPN connections on your WAN port? Nothing is allowed in unless there's a policy that says so....
Title: Re: WAN on a RFC1918 address is being blocked despite unchecking checkbox
Post by: EricPerl on February 04, 2025, 07:36:43 PM
And you might want to disable reply-to in Firewall > Settings > Advanced.
If the OPN WAN GW points to another firewall, OUT traffic from WAN will be dropped by that firewall.
@dseven taught me that one.
Title: Re: WAN on a RFC1918 address is being blocked despite unchecking checkbox
Post by: keesb on February 05, 2025, 02:03:56 PM
Thanks. That works now.

Thanks for the tip on the reply-to setting. Indeed I have the OPNsense behind another router/gateway. I have two use cases, one behind a FritzBox and one behind a primary OPNsense router. Both cases are working now.
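
The two fixes from the replies above, sketched as pf rules. This is an added example, not taken from the thread and not OPNsense's generated ruleset. The interface name em0, the gateway address 172.16.16.1 and OpenVPN listening on UDP port 1194 are assumptions.

```pf
# Constructed pf.conf fragment for illustration; em0, 172.16.16.1 and
# udp/1194 are assumed values, not taken from the thread.
wan_if  = "em0"             # WAN interface, addressed inside 172.16.16.0/24
wan_gw  = "172.16.16.1"     # upstream router (e.g. FritzBox or primary OPNsense)
wan_net = "172.16.16.0/24"  # RFC1918 network the WAN port sits in

# Default posture: inbound traffic on WAN is dropped unless a pass rule
# matches. Unchecking "Block private networks" only removes the extra
# RFC1918 block rule; it does not add a pass rule.
block in log on $wan_if all

# Before: pass rule carrying reply-to. Replies for states created by this
# rule are handed to $wan_gw, even when the client is on-link in $wan_net.
# pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto udp \
#     from $wan_net to ($wan_if) port 1194 keep state

# After: same pass rule without reply-to. Replies follow the routing
# table, so a client in $wan_net is answered directly on the WAN segment.
pass in quick on $wan_if inet proto udp \
    from $wan_net to ($wan_if) port 1194 keep state
```

Restricting the source to the WAN subnet, as done here, keeps the rule from admitting VPN connection attempts forwarded from beyond the upstream router.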