OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: ahi on November 16, 2017, 08:45:45 pm

Title: [SOLVED] OpenVPN - No Routing to LAN Net
Post by: ahi on November 16, 2017, 08:45:45 pm
Hi,

I am trying to build a "simple" OpenVPN server with the latest OPNsense and am finally despairing...
I have now configured it a second time from scratch, with the same problem:

Connection to OpenVPN running on TCP443 (Web-Interface Port 444) can be established without any errors, but the routing to the LAN net is not working. Only the OPNsense IP in the LAN net is reachable. For now all traffic should be routed over the VPN, so Redirect Gateway is on in the server settings, but I also tested with this option turned off and the LAN net put in the OpenVPN config.

The server has a public WAN IP. The other networks are:

LAN 172.16.30.0/23
OpenVPN 10.16.30.0/24

Code:
netstat -rn

Internet:
Destination        Gateway            Flags     Netif Expire
default            xxx.xxx.xxx.129      UGS         em0
10.16.30.0/24      10.16.30.2         UGS      ovpns1
10.16.30.1         link#7             UHS         lo0
10.16.30.2         link#7             UH       ovpns1
127.0.0.1          link#4             UH          lo0
172.16.30.0/23     link#2             U           em1
172.16.30.56       link#2             UHS         lo0
xxx.xxx.xxx.128/28  link#1             U           em0
xxx.xxx.xxx.131     link#1             UHS         lo0


Routes added to VPN Client:
Code:
     Dest           mask          Gateway    Interface Metrik
          0.0.0.0        128.0.0.0       10.16.30.1       10.16.30.2    291
       10.16.30.0    255.255.255.0   Auf Verbindung        10.16.30.2    291
       10.16.30.2  255.255.255.255   Auf Verbindung        10.16.30.2    291
     10.16.30.255  255.255.255.255   Auf Verbindung        10.16.30.2    291


   
IPCONFIG VPN Client

Code:
Ethernet-Adapter Ethernet 2:

   Verbindungsspezifisches DNS-Suffix: xxxxxxxx.de
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
   Physische Adresse . . . . . . . . : 00-FF-3E-xx-xx-xx
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::c99:4d1c:3271:xxxxxx(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 10.16.30.2(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Donnerstag, 16. November 2017 19:38:29
   Lease läuft ab. . . . . . . . . . : Freitag, 16. November 2018 19:38:29
   Standardgateway . . . . . . . . . :
   DHCP-Server . . . . . . . . . . . : 10.16.30.254
   DNS-Server  . . . . . . . . . . . : 172.16.30.5
                                       172.16.30.6
   NetBIOS über TCP/IP . . . . . . . : Aktiviert

The FW rules are correct as far as I can see. In the logs traffic is passed (attachment).

Thanks for any help

ahi


Title: Re: OpenVPN - No Routing to LAN Net
Post by: bartjsmit on November 16, 2017, 08:50:32 pm
You may find that the routing to the LAN subnet is working fine, but the packets are not finding a way back to your OpenVPN clients. Make sure your return route is configured correctly. The LAN hosts must either use OPNsense as their default gateway, or have a static route to your OpenVPN client subnet.

You can also try a source NAT for the traffic coming out of the tunnel, but that is not ideal.

Bart...
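
Added example, not part of the original thread: a return-path check for a LAN host, using the thread's subnets and the OPNsense LAN address 172.16.30.56 from the `netstat -rn` output. The LAN host routing tables and the second router 172.16.30.1 are constructed assumptions.

```python
import ipaddress

# Addresses taken from the thread.
OPNSENSE_LAN_IP = ipaddress.ip_address("172.16.30.56")
VPN_CLIENT = ipaddress.ip_address("10.16.30.2")

def next_hop(routes, dest):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None means on-link."""
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None  # no matching route: the reply is dropped on the host
    # On-link destinations are delivered directly, otherwise via the gateway.
    return dest if best[1] is None else ipaddress.ip_address(best[1])

def return_path_ok(routes, reply_to=VPN_CLIENT):
    """True if the LAN host hands its reply to OPNsense."""
    return next_hop(routes, reply_to) == OPNSENSE_LAN_IP

# Constructed LAN host routing tables; 172.16.30.1 is a hypothetical other router.
BROKEN = [("0.0.0.0/0", "172.16.30.1"), ("172.16.30.0/23", None)]
FIX_STATIC = BROKEN + [("10.16.30.0/24", "172.16.30.56")]
FIX_DEFAULT_GW = [("0.0.0.0/0", "172.16.30.56"), ("172.16.30.0/23", None)]

def report():
    return {
        "broken": return_path_ok(BROKEN),
        "static_route": return_path_ok(FIX_STATIC),
        "default_gw": return_path_ok(FIX_DEFAULT_GW),
        # With source NAT the LAN host sees OPNsense's LAN IP as the sender,
        # which is on-link, so even the broken table returns the reply correctly.
        "broken_with_snat": return_path_ok(BROKEN, reply_to=OPNSENSE_LAN_IP),
    }

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:17s} reply reaches OPNsense: {ok}")
```
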
Title: Re: OpenVPN - No Routing to LAN Net
Post by: ahi on November 16, 2017, 10:33:11 pm
I think this has been thought transmission or something like this :o

Just before I read your post I discovered a small error in the return route.

Thanks for the quick answer and probably the thought transmission!  ;D

ahi
Title: Re: OpenVPN - No Routing to LAN Net
Post by: bartjsmit on November 17, 2017, 08:20:43 am
Good stuff, ahi - glad you got it working. Stay safe.

Bart...