OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: neek on March 31, 2022, 07:38:41 pm

Title: [SOLVED] Firewall rules to allow OpenVPN access to my LAN
Post by: neek on March 31, 2022, 07:38:41 pm
I'm a relatively new convert from pfSense to opnsense. I've been happy with it, but I'm still unsure how to get my firewall rules configured correctly.

First, when I navigate to Firewall -> Rules, I have a ruleset for "OPENVPN" and a second ruleset for "OpenVPN". Is this correct? The all-caps one is from the Interface that I created that maps to "ovpns1". I'm unsure what the ruleset for "OpenVPN" came from, nor how/if to delete it.

Both of these rule sets are empty, except for some default rules on the OPENVPN for blocking bogon networks. When I connect to the VPN, I find that I can't even connect to the VPN's gateway (192.168.x.1) to get to opnsense. It feels like it's a firewall block, since the telnet command gets hung.

Is there some obvious thing I'm missing? Thanks much.

I've put a few screenshots showing the interfaces, the VPN rules, and the firewall logs, at this link: https://imgur.com/a/98vZ7nX

EDIT: I figured out what's wrong. I needed to set up the VPN server to listen on Interface "WAN" instead of Interface "any".
Title: Re: Firewall rules to allow OpenVPN access to my LAN
Post by: neek on April 05, 2022, 11:53:04 pm
bumping this with the hope that anyone has ideas?
Title: Re: Firewall rules to allow OpenVPN access to my LAN
Post by: spider on April 06, 2022, 04:33:47 am
Hi

I have these rules
(https://i.ibb.co/27ZdJYZ/openvpn-rules.png) (https://ibb.co/pvhdqrh)

I don't think you need to create an interface for an OpenVPN server.

There is more documentation at https://docs.opnsense.org/manual/vpnet.html#openvpn-ssl-vpn

cheers
-spider
Title: Re: Firewall rules to allow OpenVPN access to my LAN
Post by: neek on April 06, 2022, 05:14:24 am
Thanks. I realized I created that interface for VPN when I was trying to look at the live firewall log and wanted to watch all traffic on the interface. I deleted it and still don't seem to be able to reach the intranet, though the VPN seems intact.
Title: Re: Firewall rules to allow OpenVPN access to my LAN
Post by: RamSense on April 06, 2022, 08:06:57 am
While I'm not using OpenVPN now, I remember using a guide back then to make it work. Maybe this full guide helps you.
https://homenetworkguy.com/how-to/configure-openvpn-opnsense/
Title: Re: Firewall rules to allow OpenVPN access to my LAN
Post by: neek on April 07, 2022, 08:12:05 am
Ok I've figured it out. I had the OpenVPN server set to listen on Interface "any". It needs to listen on Interface "WAN". D'oh!

thanks all!