OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: pabed on February 17, 2019, 07:32:33 am

Title: Client Specific Overrides issues
Post by: pabed on February 17, 2019, 07:32:33 am
Hi, I am dealing with OpenVPN.
I have many clients who all telework, and they have to access different servers (LAN IPs and ports). To solve this I have to use CSO, but I think CSO doesn't work properly. I asked my question on IRC and I have googled for both OPNsense and pfSense, but there is no clear answer.

I have three interfaces:
1:LAN
2:WAN
3:VPNSERVER

On the VPNSERVER interface I set up OPNsense. I set the network 80.80.80.0/24 as "IPv4 Tunnel Network" in "VPN: OpenVPN: Servers" and I set some firewall rules on the OPENVPN interface, for example 80.80.80.2 can access 192.168.0.20:22, and it works properly.

But when I use CSO, the clients take the (Tunnel Settings >> IPv4 Tunnel Network) from "VPN: OpenVPN: Client Specific Overrides", in this case 70.70.70.0/24. The VPN client takes an IP from it, for example 70.70.70.2, and in the firewall rules on OpenVPN I set this rule: 70.70.70.0/24 can access 192.168.0.20:4455. But this network 70.70.70.0/24 cannot access anything. I have tried a route in both Advanced and also "These are the IPv4 networks that will be accessible from this particular client."

My OPNsense version is "18.7.10".

Title: Re: Client Specific Overrides issues
Post by: bartjsmit on February 17, 2019, 09:21:07 am
Are 80.80.80.0 and 70.70.70.0 just placeholders for this forum or are these your real network names?

You should stick to RFC 1918 for tunnel network ranges, as these are widely hard coded as internal in (network) equipment. Ranges in the middle of the 10 block are usually safe from remote clashes.

Bart...
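
Added example, not part of the thread and not OPNsense code: a small Python check that a proposed tunnel network lies inside an RFC 1918 block and does not overlap a local network. The function name, the /24 prefix assumed for the LAN around 192.168.0.20, and the candidate 10.87.13.0/24 are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 blocks. An explicit list is used on purpose:
# ipaddress's is_private also covers loopback, link-local and other
# special-purpose ranges, which are not suitable tunnel networks.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_tunnel_network(cidr, local_networks=()):
    """Return a list of problems with a proposed IPv4 tunnel network.

    cidr           -- proposed tunnel network, e.g. "10.87.13.0/24"
    local_networks -- networks already in use (LAN, other tunnels)
    An empty list means no problem was found.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not inside an RFC 1918 block")
    for other in local_networks:
        other_net = ipaddress.IPv4Network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"overlaps local network {other_net}")
    return problems


if __name__ == "__main__":
    # LAN prefix is an assumption; the thread only shows host 192.168.0.20.
    lan = ["192.168.0.0/24"]
    candidates = [
        "80.80.80.0/24",     # server tunnel network from the thread
        "70.70.70.0/24",     # CSO tunnel network from the thread
        "172.32.0.0/16",     # constructed: just outside 172.16.0.0/12
        "192.168.0.128/25",  # constructed: private, but inside the LAN
        "10.87.13.0/24",     # constructed: middle of the 10 block
    ]
    for cidr in candidates:
        found = check_tunnel_network(cidr, lan)
        print(f"{cidr:18} {'; '.join(found) if found else 'ok'}")
```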