OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: nam061 on December 02, 2022, 11:54:43 am

Title: Client Connected to OpenVPN Server Cannot Ping Other LAN Devices [SOLVED]
Post by: nam061 on December 02, 2022, 11:54:43 am
Hi

I have successfully configured OpenVPN via OPNsense. And I can successfully connect to it and successfully access the OPNsense GUI via a private IP address from a remote PC.

The problem, however, is that for some reason I cannot reach any other clients on the same private subnet as the OPNsense server. My physical LAN network is set up as 192.168.50.0/24 and I have about 5 other clients on it. They can ALL successfully ping each other. My OPNsense server (192.168.50.1) "acts" as the gateway for my physical LAN network.

My OpenVPN network is set on a different subnet, which is 192.168.10.0/24. And I have the following firewall rules in place:

- WAN: https://tinyurl.com/2h632lj2
- OpenVPN: https://tinyurl.com/2fmdqajt
- LAN: None Configured

Am I missing something?

EDIT:

I have enabled "Redirect Gateway" in the VPN server settings. Should this be left so?

Also, I see that I can ping some other clients in the 192.168.50.0/24 network but still not ALL of them.

It seems the only difference between those that are reachable and those that are not is that those not reachable do not have a gateway set to 192.168.50.1, whereas those that are reachable do.

The problem is that if I enable a gateway on these clients, since they have 2x NIC (1 WAN & 1 LAN), the entire server/client becomes unreachable. I think Linux does not like to have two NICs with each having a gateway.

Is there a way around this, which I believe is most likely the reason this is happening?
Title: Re: Client Connected to OpenVPN Server Cannot Ping Other LAN Devices
Post by: nam061 on December 04, 2022, 11:33:59 am
Solution posted here: https://serverfault.com/questions/1117143/how-to-configure-2-x-nic-with-each-having-their-own-gateway
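
Added example, not part of the thread or of the linked answer: a longest-prefix-match lookup over a constructed routing table for one of the dual-homed hosts, showing why its reply to a VPN client in 192.168.10.0/24 leaves through the WAN default gateway, and how a static route for the tunnel network via 192.168.50.1 sends it back through OPNsense without adding a second default gateway. The WAN addresses (203.0.113.0/24), the interface names `wan0`/`lan0`, the client address 192.168.10.6, and the assumption that the host's default route sits on its WAN NIC are illustrative, not taken from the poster's systems.

```python
import ipaddress

# Constructed routing table for a dual-homed LAN host as described in the thread:
# LAN NIC on 192.168.50.0/24 with no gateway, default route on the WAN NIC.
# WAN addresses and interface names are assumptions for illustration.
BASE_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "wan0"),   # default route via the WAN gateway
    ("203.0.113.0/24", None, "wan0"),       # directly connected WAN subnet
    ("192.168.50.0/24", None, "lan0"),      # directly connected LAN subnet
]

# Static route for the OpenVPN tunnel network via OPNsense on the LAN.
# Linux equivalent: ip route add 192.168.10.0/24 via 192.168.50.1 dev lan0
VPN_ROUTE = ("192.168.10.0/24", "192.168.50.1", "lan0")


def lookup(routes, dst):
    """Return (gateway, interface) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])


def reply_is_symmetric(routes, vpn_client, lan_gateway="192.168.50.1"):
    """True when the reply to a VPN client is handed to OPNsense on the LAN."""
    hop = lookup(routes, vpn_client)
    return hop is not None and hop[0] == lan_gateway


if __name__ == "__main__":
    client = "192.168.10.6"  # constructed VPN client address
    tables = (("before", BASE_ROUTES), ("after", BASE_ROUTES + [VPN_ROUTE]))
    for label, table in tables:
        gw, iface = lookup(table, client)
        print(f"{label}: reply to {client} -> gateway {gw} on {iface}, "
              f"symmetric={reply_is_symmetric(table, client)}")
    # A peer on the same LAN subnet uses the connected route in both cases.
    print("LAN peer:", lookup(BASE_ROUTES, "192.168.50.20"))
```

The "before" case matches the symptom in the first post: the echo request arrives on the LAN NIC, but the reply follows the default route out the WAN side and never reaches the tunnel.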