OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: EdK on October 04, 2019, 10:00:25 am
-
Hi,
My setup as below:
Internet ----> Opnsense 19.7.4 -------> Wireless AP (SSID: test)
LAN IP 192.168.2.1 192.168.2.100
When I am using wifi on SSID test i can access both 192.168.2.1 and 192.168.2.100
But once am outside and VPN in to the network (using opnsense road warrior setup) I can only access 192.168.2.1 which is Opnsense but I can't reach 192.168.2.100.
When I VPN in, my connection status show am logged in having virutal IP is 10.10.0.6
I have set all the rules at WAN and LAN as indicated in the tuitorials and I even set manual NAT outbound (interface: OpenVPN source network : 10.10.0.0/24 destination: Any Translation/Target : 192.168.2.0/24
-
Hello,
can you please post Screenshots from you outbound nat configuration?
Also your openvpn server and client config would be helpful (please remove critical lines, certificates and so on)
Also your routing table from the client, while connected to the vpn please.
Kind regards,
René
-
Does your AP have a route to your tunnel network? The AP either has to use OPNsense as its default gateway or have a static route like 10.10.0.0/24 via 192.168.2.1
Bart...
-
Hello,
can you please post Screenshots from you outbound nat configuration?
Also your openvpn server and client config would be helpful (please remove critical lines, certificates and so on)
Also your routing table from the client, while connected to the vpn please.
Kind regards,
René
Please see attachment. Hope I got it correctly for your viewing
Please see attachment
-
Does your AP have a route to your tunnel network? The AP either has to use OPNsense as its default gateway or have a static route like 10.10.0.0/24 via 192.168.2.1
Bart...
I give the AP static IP address 192.168.2.100 on 192.168.2.0/24 subnet. I leave the gateway setting blank. Will try soon let and let you know.
-
You need the opnsense as router or a static route. Otherwise the AP will not know how it can reach the client in the openvpn network.
-
Solved! put the gateway ip onto the AP.
I just need the Opnsense router to route not statics. So I guess I can remove the Nat Outbound rule yah?
-
Yes, no special outbound NAT rule should be necessary for this usecase.