OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: Pungon on February 13, 2019, 02:48:37 pm

Title: OpenVPN server for LAN Access
Post by: Pungon on February 13, 2019, 02:48:37 pm

Hi!

I want to access the LAN of my OpnSense firewall from the outside.
I've already made the proper setup and i'm able to connect to the VPN from the outside and the internet traffic is sucessfully routed trought the firewall. My main issue right now is that i'm unable to ping/access any host on the LAN.

My configuration : https://imgur.com/a/D1DNrpH
(if not inclued then default)

My LAN is 10.0.0.0/8 and my DNS is 10.10.10.50

Does anyone have an idea?
Thanks

Title: Re: OpenVPN server for LAN Access
Post by: myksto on February 13, 2019, 03:17:16 pm

Hi.
I can't see any rule from your VPN network to your LAN network.
Do some test connecting through the VPN, pinging some hosts inside your LAN, looking at the firewall logs: you should see that your ICMP packets are blocked by the firewall.
If that's the case, create the appropriate rules to permit access to the services you need from the VPN to the LAN and you should be ok.

Cheers,
Michele.

Title: Re: OpenVPN server for LAN Access
Post by: Pungon on February 13, 2019, 03:42:40 pm

I have this rule on the OpenVPN interface : https://i.imgur.com/t14XCok.png
I don't know if it's enough or i need to create a rule on the LAN interface.

Title: Re: OpenVPN server for LAN Access
Post by: myksto on February 13, 2019, 03:50:26 pm

You omitted to attach the VPN rules before...  ;)
Anyway with that rule you permit everything to everywhere from the VPN network (a bit dangerous on my opinion) and you should be able to connect to your hosts on the LAN segment. No need to create any rule on the LAN network.
What kind of services are you trying? Rdp, ftp, icmp, ecc.?
What is showing in your firewall logs? I mean, do your packets reach your LAN hosts or not?

Cheers,
Michele.

Title: Re: OpenVPN server for LAN Access
Post by: Pungon on February 13, 2019, 04:06:13 pm

I'm trying with the HTTP protocol but i can't see any request from the OpenVPN interface on the firewall log :(
I think the problem is from my OpenVPN settings, not from the firewall itself.

Title: Re: OpenVPN server for LAN Access
Post by: myksto on February 13, 2019, 04:28:14 pm

If you can't see anything in firewall logs it should be for these reasons:

• packets from VPN client don't reach the firewall
• packets reach the firewall, reach your hosts but are not correctly routed back to the VPN client
• you hosts in LAN somehow block some traffics (firewall?)
• a mix of these reasons

Anyway you have to investigate more.
Sorry I can't you help you any further.  :(

Cheers,
michele.