OPNsense Forum

English Forums => General Discussion => Topic started by: raffe on August 06, 2018, 04:21:34 pm

Title: Gave LAN new IP, OpenVPN stopped working
Post by: raffe on August 06, 2018, 04:21:34 pm
Hi!

I'm going from IPcop to OpnSense. I had set up OpnSense, and it worked well with OpenVPN, port forwarding, DynDNS, NTP etc.

IPcop had 192.168.222.254 and OpnSense had 192.168.222.251.

During the big day when I wanted to switch firewalls I came to the part where I was supposed to change the gateways on about ten devices with static IP addresses. I thought it was easier to just switch addresses between IPcop and OpnSense.

So IPcop now has 192.168.222.251 and OpnSense has 192.168.222.254. I did this remotely, and it worked for about two minutes, and after that OpenVPN stopped working. I could connect with OpenVPN and I could ping 192.168.222.254, but I couldn't connect to anything else in 192.168.222.0/24 or even open the OpnSense configuration web page. I saw a notice that said:
Quote
There were error(s) loading the rules: /tmp/rules.debug:31:no translation address with matching address family found. - The line in question reads [31]: nat on ue0 inet from (re0:network) to any port 500 -> ue0:0 static-port # Automatic outbound rule
The rules I have are the same as in https://docs.opnsense.org/manual/how-tos/sslvpn_client.html as I followed it, but I don't use 2FA.
(https://i.imgur.com/DlnjqjH.jpg)
(https://i.imgur.com/RUC8kXQ.jpg)
So I tried to open all rules I could find and just re-save them without changing anything, but it didn't help. Then I opened the OpenVPN rule, changed "source" from "*" to "OpenVPN net". After that I couldn't ping anything on LAN, not even 254. So I changed "source" back to "*" and now OpenVPN works OK again :-) Now everything is good again!

Or is it? Now I am worrying that maybe I also broke something else, but I just have not seen or realized what yet. What do you think, should I reinstall OpenVPN again? Or should I maybe reinstall the whole OpnSense again? Or is there something else I should do? (Mind you, I am not only an OpnSense/FreeBSD noob, I'm also very bad at exorcism if you intend to suggest it ;-)