Messages - cmay

#1
Gotcha, my home connection is on a symmetrical gigabit connection so bandwidth is not an issue.  I need all traffic to go through my VPN for use at work.   

I will research redirect gateway, thanks again banym.
#2
Hi, got a new OpenVPN server set up following the OPNSense road warrior guide.  All is working fine except that my public IP address is not changing.  Anyone know where to start with troubleshooting that?  And how to set up to route all network traffic through the VPN?
#3
Got it to work.   It must have been that first fix of the WAN rule that needed to go to an OpenVPN rule.  When I tested it after that fix I didn't think it was working because I was trying to ping a device that I had recently changed its IP on, doh.   Thanks for the help!

I am still having one issue in that my public IP is not changing, still showing as the non-VPN public IP.  Will start another thread for that.  Thanks again.
#4
Thanks.  I did have it under WAN instead of OpenVPN.  I fixed that, but still have the issue.
#5
Hi, I followed the tutorial for OpenVPN road warrior server setup with 2FA.   I am able to connect to the VPN and get a VPN client IP, but I cannot talk to internal IPs.  I have set up the firewall rules to allow VPN traffic and to allow communication from the VPN clients (at 10.10.10.0/24) to my LAN (192.168.0.0/24) per the screenshot below, but no luck. 

Any help would be appreciated.  Thanks.

#6
After trying to delete and recreate the rules, and reading countless posts and possible fixes on the forums, I decided to just try reinstalling OPNSense from scratch.   After reinstalling and recreating the forward rules, all is working now.  I guess it was just a glitchy install.  Thanks for all the help.
#7
The WAN IP is the official internet IP, not a private address (the cable modem is indeed in bridge mode).
#8
Thank you so much for taking the time to troubleshoot this with me.

No, there is no router in front of my WAN.  The cable modem's internet out port plugs directly into the OPNSense WAN interface.  (If you were confused about the Linksys router reference, I was saying that before I replaced that DDWRT router with the OPNSense box, port forwarding worked fine over my ISP, so it isn't something being blocked at the ISP level).

I can SSH fine into the machine in question over the LAN, have been doing it all week, so I know SSH is up and running on it (and it has been working for years via that now retired router that OPNSense replaced).

I think we can knock out the following question now that I've cleared up that there is no router in front of OPNSense: "Maybe the IP on WAN side has changed and therefore the portforwarding from your wan router is not pointing to the correct IP?"

For this question "If you have private network range on WAN side, have you checked block all traffic from private network on WAN interface?" I may be in a little over my head with this (but I really want to learn), but I do not understand what you mean when you ask if I have a private network range on WAN side.   I will research and see if those settings are set.

An added bit of info, from my Mac terminal I get "connection refused" immediately (doesn't time out) when trying to SSH to my WAN address from an external network (at work).  I looked at the live logs and saw no denied connections from my work's IP to my home OPNSense box.  Is there another place I should be looking for logs?


Again, thanks for all your help. 



#9
Yes I have tried that and also Automatic outbound NAT for reflection as suggested in a how-to on the FAQ page.  Screenshot of Firewall > Settings > Advanced below:

#10
I'm pretty sure I did.  I didn't add the WAN rule and it is listed there.   Below is the screenshot of my WAN rules.

My WAN IP is a Cox home internet dynamic IP (one of those dynamic IPs that lasts for ages though).  Port forwarding was working before I set up OPNSense with a Linksys router flashed with DDWRT, so nothing Cox is doing is blocking it.



#11
Still no luck setting this up.  Any help would be appreciated.
#12
Hi.  I am new to OPNSense and just got my system up. First thing I am trying is to get an SSH port forward set up to my Linux box, with no luck.  Attached below is the setup of my port forward settings:

I also went into Firewall > Settings > Advanced and set Reflection for port forwards and Automatic outbound NAT for Reflection to checked as was recommended by other posts here with port forward issues, but same result.