OPNsense Forum

English Forums => Virtual private networks => Topic started by: p0ddie on November 26, 2020, 05:25:57 pm

Title: OpenVPN: only one of two subnets accessible, can't figure out why
Post by: p0ddie on November 26, 2020, 05:25:57 pm
Hi,

I have an OPNsense gateway set up for OpenVPN. I have 3 separated internal networks, each on their own physical ethernet interface. These networks are firewalled with a simple "deny network 1 to access 2 and 3" rule. I deactivated these rules temporarily; no fix for my problem.

I have the following networks:

OpenVPN network: 172.30.17.*
Network A: 10.15.90.0/24
Network B: 10.7.32.0/24

Main problem: Road warrior dial-in for all users is successful, they can access network A but not network B.

In VPN: OpenVPN: Server, I have both routes under "local IPv4 network": 10.7.32.0/24,10.15.90.0/24

Firewall: Rules: OpenVPN wizard rule:

Interface: OpenVPN
Direction: in (there is no "out rule", access still works; I added one temporarily but it did not fix anything)
Protocol/Source/Target: any

Interesting: the rule shows IPv4/6; when I click to edit the rule, it says only IPv4. I don't need IPv6 anyway. GUI bug?

I am using Viscosity on Mac as a client.

Upon connecting, the client routing table looks as follows:

Destination        Gateway            Flags        Netif Expire
default            192.168.1.1      UGSc           en0       
default            172.30.17.5        UGScI       utun10       
10.7.32/24         172.30.17.5        UGSc        utun10       
10.15.90/24        172.30.17.5        UGSc        utun10   

The gateway's log shows:

vpnusername/222.222.111.111:51878 SENT CONTROL [vpnusername]: 'PUSH_REPLY,route 10.7.32.0 255.255.255.0,route 10.15.90.0 255.255.255.0,dhcp-option DNS 172.30.17.1,route 172.30.17.1,topology net30,ping 10,ping-restart 60,ifconfig 172.30.17.6 172.30.17.5,peer-id 0,cipher AES-256-GCM' (status=1)
So the route is there.
What am I missing?

Thanks, guys!
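A quick consistency check between what the server pushed and what the client actually installed, added here as an example (not code from the post or from OPNsense); the two inputs are constructed from the lines quoted above, and the checker assumes the macOS `netstat -rn` column layout shown there. If every pushed subnet route is present with the tunnel peer as next hop, the client side can be ruled out and the search moves to the gateway and the return path from the unreachable subnet.

```python
import ipaddress
import re

# Constructed samples modelled on the post's log line and routing table (not real captures).
PUSH_REPLY = ("vpnusername/222.222.111.111:51878 SENT CONTROL [vpnusername]: "
              "'PUSH_REPLY,route 10.7.32.0 255.255.255.0,route 10.15.90.0 255.255.255.0,"
              "dhcp-option DNS 172.30.17.1,route 172.30.17.1,topology net30,ping 10,"
              "ping-restart 60,ifconfig 172.30.17.6 172.30.17.5,peer-id 0,cipher AES-256-GCM' (status=1)")

CLIENT_ROUTES = """Destination        Gateway            Flags        Netif Expire
default            192.168.1.1      UGSc           en0
default            172.30.17.5        UGScI       utun10
10.7.32/24         172.30.17.5        UGSc        utun10
10.15.90/24        172.30.17.5        UGSc        utun10"""


def pushed_routes(log_line):
    """Return ([subnet routes], expected next hop) from a PUSH_REPLY log line."""
    options = re.search(r"'PUSH_REPLY,(.*)'", log_line).group(1).split(",")
    nets, next_hop = [], None
    for opt in options:
        parts = opt.split()
        if parts[0] == "route" and len(parts) == 3:       # "route <net> <mask>"; bare host routes are skipped
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
        elif parts[0] == "ifconfig":                      # net30: second address is the server-side peer
            next_hop = parts[2]
    return nets, next_hop


def installed_routes(netstat_output):
    """Parse macOS `netstat -rn` rows into {network: (gateway, netif)}, skipping defaults."""
    table = {}
    for line in netstat_output.splitlines()[1:]:
        dest, gw, _flags, netif = line.split()[:4]
        if dest == "default":
            continue
        addr, _, plen = dest.partition("/")
        octets = addr.split(".")                          # netstat abbreviates "10.7.32/24"; pad to 4 octets
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
        table[ipaddress.ip_network(f"{addr}/{plen or 32}")] = (gw, netif)
    return table


def missing_or_wrong(log_line, netstat_output):
    """Pushed subnets that are absent on the client or not routed via the tunnel peer."""
    nets, next_hop = pushed_routes(log_line)
    have = installed_routes(netstat_output)
    return [str(n) for n in nets if have.get(n, (None, None))[0] != next_hop]
```

An empty result means the client holds both routes via 172.30.17.5, which is exactly the situation in the post; a non-empty list names the subnets to look at on the client first.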