OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: zanga on December 08, 2017, 09:38:18 pm
-
Hello,
I followed this guide; however, on Step 2 - Firewall Rules - allow traffic from the VPN clients to our LAN interface, I don't see the OpenVPN clients drop-down mentioned in that screenshot.
WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP
VPN has 10.10.0.0/24
The VPN connection is established, I get a 10.10.0.x IP, but I can't reach any of the 192.168.2.x IPs from the LAN.
Any idea what I might be missing?
Thank you!
-
A pass firewall rule maybe?
-
If there is no "pass any" rule for the VPN you can have problems.
Also, with IPs like:
WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP
You can have problems if you are trying to access the VPN from another network that includes 192.168.1.0/24 IP.
You probably already know this, but let's say you are at your friend's house or some office and the network there is 192.168.1.0/24 IP.
Then you access your VPN remotely.
And you try to go to the remote 192.168.1.0/24 IP network. Odds are it either won't work at all or will work only intermittently. I wouldn't use 192.168.1.0/24 IP for anything ever. Not even for testing.
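Added example, not part of the thread: a small Python model of the client-side routing decision behind the subnet-overlap problem described in the reply above, using the thread's addressing. Which site networks the server pushes to the client is an assumption (the thread does not say), and `overlapping` and `egress` are illustrative names.

```python
import ipaddress

# Site addressing as given in the thread.
SITE = {
    "WAN": "192.168.1.0/24",
    "LAN": "192.168.2.0/24",
    "VPN": "10.10.0.0/24",
}

def overlapping(client_net):
    """Names of site networks that overlap the network the client sits on."""
    client = ipaddress.ip_network(client_net)
    return sorted(name for name, cidr in SITE.items()
                  if ipaddress.ip_network(cidr).overlaps(client))

def egress(dest, client_net, pushed):
    """Pick the client-side path for dest by longest-prefix match.

    The routing table is modelled as one connected route (client_net,
    "local") plus one "tunnel" route per pushed site network (assumed).
    Equal prefix lengths are reported as "ambiguous" because the winner
    then depends on OS route metrics, which this sketch does not model.
    """
    addr = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network(client_net), "local")]
    table += [(ipaddress.ip_network(SITE[name]), "tunnel") for name in pushed]
    hits = [(net.prefixlen, path) for net, path in table if addr in net]
    if not hits:
        return "default"  # no specific route: default gateway
    best = max(plen for plen, _ in hits)
    paths = {path for plen, path in hits if plen == best}
    return paths.pop() if len(paths) == 1 else "ambiguous"

if __name__ == "__main__":
    # Constructed scenarios: (client's local network, destination).
    for client_net, dest in [
        ("192.168.1.0/24", "192.168.2.10"),
        ("192.168.1.0/24", "192.168.1.10"),
        ("192.168.0.0/16", "192.168.2.10"),
        ("172.16.5.0/24", "192.168.2.10"),
    ]:
        print(client_net, "->", dest, overlapping(client_net),
              egress(dest, client_net, pushed=("WAN", "LAN")))
```
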
-
Thank you for your replies!
I thought the pass rule is the one on step 2
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
The one for the LAN interface.
Is there another one that's missing?
You are correct with the 192.168.1.0 network, indeed it's only used for testing and the odds are this might actually be the issue if the pass rule is already there.
-
There should be 1 rule added on the WAN to allow outside access to the VPN.
1 rule added on the VPN interface to allow access to "ANY/ALL".
And your LAN should have already had an allow all rule.
If you did all that, it may be a conflict caused by that often used subnet.
-
I added the VPN access rule on the WAN ANY/ALL 1194.
And on the VPN tab permit from the 10.10.0.0/24 to all.
The guide doesn't mention anything on the LAN tab.
Also, for some reason I don't see that OpenVPN clients drop-down.