Hello everyone.
I have a slightly strange use of OPNsense. I use it not as a gateway, but as an OpenVPN server. Other devices act as gateways, forwarding the ports I need to OPNsense. That's not the point. Everything works well enough and has been implemented several times.
There is another problem. I configure a machine with one interface. This is a LAN interface. I define the default gateway on the same interface. After configuring, this machine is not accessible from the LAN via ping. Nothing helps except disabling the firewall. In the new installation, I need to use NAT, and accordingly I cannot completely disable the firewall.
Adding rules to the firewall does not change anything. In debugging, I see packets coming to OPNsense from the correct address, but I do not see packets going back. I understand that my usage format is strange, but I am still waiting for any advice, except for making OPNsense a router, since I am not a network administrator and cannot do this physically.
Can you configure OpenVPN with a TAP interface? That makes the tunnel part of the LAN and you don't need routing, firewall rules or NAT.
Firewall > Settings > Advanced > Disable reply-to ;-)
Also disable NAT globally just to make sure.
Unfortunately, I need routing and NAT; I can't turn off TUN or NAT. Although the command "sudo pfctl -d" fixes the behavior and pings go through, that doesn't work for me, since I need NAT. Any other ideas on how to change the behavior of OPNsense?
As I wrote:
Firewall > Settings > Advanced > Disable reply-to
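To make the reply-to advice concrete, here is an added illustration (not from the thread and not OPNsense's literal generated ruleset) of the two shapes the LAN pass rule takes. Assumed addresses: OPNsense at 192.168.1.10/24 on interface vtnet0, the upstream gateway at 192.168.1.1 on that same interface, and a pinging client at 192.168.1.50 on the same subnet.

```pf
# Added illustration, not taken from the thread. Assumed layout:
#   OPNsense 192.168.1.10/24 on vtnet0, gateway 192.168.1.1 on vtnet0,
#   client 192.168.1.50 on the same LAN segment.

# Shape 1: a rule on an interface that has a gateway assigned while
# "Disable reply-to" is unchecked. reply-to pins the return half of the
# state to the listed gateway, so the echo reply meant for 192.168.1.50
# is handed to 192.168.1.1 instead of being delivered directly on vtnet0.
# That matches the symptom of requests arriving but no replies leaving.
pass in quick on vtnet0 reply-to (vtnet0 192.168.1.1) inet proto icmp \
    from 192.168.1.0/24 to 192.168.1.10 icmp-type echoreq keep state

# Shape 2: the same rule once "Firewall > Settings > Advanced >
# Disable reply-to" is checked. With no reply-to, pf lets the kernel
# routing table pick the path, and the directly connected client gets
# its echo reply on vtnet0.
pass in quick on vtnet0 inet proto icmp \
    from 192.168.1.0/24 to 192.168.1.10 icmp-type echoreq keep state
```

After applying the setting, the loaded ruleset can be inspected with `pfctl -sr` to confirm that the LAN pass rules no longer carry a `reply-to` clause.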
Thank you. The problem was solved by adding a second interface, allowing pings, running the master through the initial one and enabling the last recommended option that you sent. Thank you.