OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: ahi on November 16, 2017, 08:45:45 pm
-
Hi,
I am trying to build a "simple" OpenVPN server with the latest OPNsense and am finally despairing...
I have now configured it a second time from scratch, with the same problem:
Connection to OpenVPN running on TCP 443 (web interface port 444) can be established without any errors, but the routing to the LAN net is not working. Only the OPNsense IP in the LAN net is reachable. For now all traffic should be routed over the VPN, so Redirect Gateway is on in the server setting, but I tested with this option turned off and put the LAN net in the OpenVPN config too.
The server has a public WAN IP. The other networks are:
LAN 172.16.30.0/23
OpenVPN 10.16.30.0/24
netstat -rn
Internet:
Destination Gateway Flags Netif Expire
default xxx.xxx.xxx.129 UGS em0
10.16.30.0/24 10.16.30.2 UGS ovpns1
10.16.30.1 link#7 UHS lo0
10.16.30.2 link#7 UH ovpns1
127.0.0.1 link#4 UH lo0
172.16.30.0/23 link#2 U em1
172.16.30.56 link#2 UHS lo0
xxx.xxx.xxx.128/28 link#1 U em0
xxx.xxx.xxx.131 link#1 UHS lo0
Routes added to VPN Client:
Dest mask Gateway Interface Metrik
0.0.0.0 128.0.0.0 10.16.30.1 10.16.30.2 291
10.16.30.0 255.255.255.0 Auf Verbindung 10.16.30.2 291
10.16.30.2 255.255.255.255 Auf Verbindung 10.16.30.2 291
10.16.30.255 255.255.255.255 Auf Verbindung 10.16.30.2 291
IPCONFIG VPN Client
Ethernet-Adapter Ethernet 2:
Verbindungsspezifisches DNS-Suffix: xxxxxxxx.de
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physische Adresse . . . . . . . . : 00-FF-3E-xx-xx-xx
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::c99:4d1c:3271:xxxxxx(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 10.16.30.2(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Donnerstag, 16. November 2017 19:38:29
Lease läuft ab. . . . . . . . . . : Freitag, 16. November 2018 19:38:29
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 10.16.30.254
DNS-Server . . . . . . . . . . . : 172.16.30.5
172.16.30.6
NetBIOS über TCP/IP . . . . . . . : Aktiviert
The FW rules are correct as far as I can see. In the logs, traffic is passed (attachment).
Thanks for any help
ahi
-
You may find that the routing to the LAN subnet is working fine, but the packets are not finding a way back to your OpenVPN clients. Make sure your return route is configured correctly. The LAN hosts must either use OPNsense as their default gateway, or have a static route to your OpenVPN client subnet.
You can also try a source NAT for the traffic coming out of the tunnel, but that is not ideal.
Bart...
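Bart's point above, that replies must reach the OPNsense LAN address, as an added example that is not from the thread: a small Python longest-prefix lookup over a LAN host's routing table that tells whether replies to a VPN client would be handed to OPNsense, plus the static route commands for the fix. The host tables and the alternate gateway 172.16.30.1 are constructed; 172.16.30.56 and 10.16.30.0/24 come from the netstat output in the thread.

```python
"""Check whether a LAN host has a working return route to the OpenVPN client subnet."""
import ipaddress

OPNSENSE_LAN_IP = ipaddress.ip_address("172.16.30.56")   # em1 address from the netstat output
VPN_SUBNET = ipaddress.ip_network("10.16.30.0/24")       # OpenVPN tunnel network


def lookup(routes, dst):
    """Longest-prefix match over routes given as (network, gateway) pairs.

    gateway None means the destination is directly connected (on-link).
    Returns the matching (network, gateway) tuple, or None if nothing matches.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for net_s, gw_s in routes:
        net = ipaddress.ip_network(net_s)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw_s)
    return best


def return_path_ok(routes, client_ip, opnsense_lan_ip=OPNSENSE_LAN_IP):
    """True if this LAN host would send replies to client_ip via OPNsense."""
    hit = lookup(routes, client_ip)
    if hit is None or hit[1] is None:
        # No route at all, or the host believes the VPN client is on-link (it is not):
        # replies either die or go out as ARP requests nobody answers.
        return False
    return ipaddress.ip_address(hit[1]) == opnsense_lan_ip


def static_route_commands(subnet=VPN_SUBNET, gw=OPNSENSE_LAN_IP):
    """Per-OS commands that add the return route on a LAN host (the second option Bart names)."""
    return {
        "windows": f"route -p add {subnet.network_address} mask {subnet.netmask} {gw}",
        "linux": f"ip route add {subnet} via {gw}",
        "freebsd": f"route add -net {subnet} {gw}",
    }


# Constructed sample tables for a LAN host in 172.16.30.0/23.
# HOST_A: default gateway is another router (172.16.30.1, assumed), no VPN route -> broken return path.
HOST_A = [("0.0.0.0/0", "172.16.30.1"), ("172.16.30.0/23", None)]
# HOST_B: same host after adding the static return route.
HOST_B = HOST_A + [(str(VPN_SUBNET), str(OPNSENSE_LAN_IP))]
# HOST_C: host that simply uses OPNsense as its default gateway.
HOST_C = [("0.0.0.0/0", str(OPNSENSE_LAN_IP)), ("172.16.30.0/23", None)]

if __name__ == "__main__":
    for name, table in (("A", HOST_A), ("B", HOST_B), ("C", HOST_C)):
        print(f"host {name}: return path to 10.16.30.2 ok = {return_path_ok(table, '10.16.30.2')}")
    print(static_route_commands()["windows"])
```

Host A is the situation described in the thread: the client's packets arrive at the LAN host, but the replies go to a gateway that knows nothing about 10.16.30.0/24.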
-
I think this was thought transmission or something like that :o
Just before I read your post I discovered a small error in the return route.
Thanks for the quick answer and probably the thought transmission! ;D
ahi
-
Good stuff, ahi - glad you got it working. Stay safe.
Bart...