22.1 Legacy Series / OpenVPN Connects, but unable to browse LAN or PING anything other than Firewall
« on: March 27, 2022, 07:47:40 pm »
I've used both the OpenVPN Wizard (cleverly hiding next to the New Server button) and followed the instructions here: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
In both cases, no matter what I do, I can connect to the VPN on the mobile client, but aside from being able to ping the OPNsense Firewall and log in to it, I cannot access any other network resources, including ping, file share, & RDP.
The firewall rules were automatically created (via the Wizard), but I also manually created the rules in the WAN, LAN & OpenVPN categories (again following the guide above). That said, a source of "OpenVPN net" doesn't seem to work in the LAN Source (see here for further reference: https://forum.opnsense.org/index.php?topic=4986.0), but if I change it to 10.10.0.0/24 (my VPN's address range), I can at least get the ping reply out of the OPNsense Firewall at 192.168.0.1.
Tracert on the client dies at the Tunnel Network host address...10.10.0.2, which screams "bad firewall rule", but the firewall logs don't reveal much of anything useful. I don't see it dropping packets that have to do with the VPN rules; in fact I see it allow the ICMP ping packet from 10.10.0.2 to my internal network file server. Yet no reply comes back to the client. I can ping internally to that file server without any issue or delay; it passes through the firewall just fine.
I'm baffled and am not sure what to try next...other than trying to configure the IPSec VPN instead.
Edit to add version info:
OPNsense 22.1.2_1-amd64
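Two return-path conditions that would produce exactly these symptoms (the firewall logs an allow for the request, shows no drop, yet no reply reaches the client) can be walked through with a small routing simulation. This is an added illustration, not code from the thread or from OPNsense; the tunnel and LAN subnets come from the post, while the file server's routing table, its default gateway and its host-firewall scope are assumptions.

```python
import ipaddress

# Constructed topology taken from the post: VPN tunnel 10.10.0.0/24, client 10.10.0.2,
# LAN 192.168.0.0/24 with OPNsense at 192.168.0.1. The file server's own routing table
# and host-firewall scope used below are assumptions for illustration only.

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None when nothing matches."""
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]

# OPNsense's own forwarding table: LAN and the tunnel are directly connected.
FIREWALL_ROUTES = [
    ("192.168.0.0/24", "direct:LAN"),
    ("10.10.0.0/24", "direct:tunnel"),
    ("0.0.0.0/0", "WAN gateway"),
]

def trace_echo_reply(server_routes, allowed_echo_sources, client="10.10.0.2",
                     firewall_lan="192.168.0.1"):
    """Follow an ICMP echo reply from the LAN server back toward the VPN client.

    Returns (hops, verdict). Only the 'ok' verdict ends inside the tunnel; every other
    verdict names a point where the reply is lost without OPNsense ever logging a drop."""
    hops = []
    # 1. The server's host firewall decides whether it answers at all (scope assumed).
    if not any(ipaddress.ip_address(client) in ipaddress.ip_network(n) for n in allowed_echo_sources):
        return hops, "host firewall on the server ignores echo requests from the tunnel subnet"
    # 2. The server's routing table decides where the reply is sent.
    next_hop = lookup(server_routes, client)
    if next_hop is None:
        return hops, "server has no route back to the tunnel subnet"
    hops.append(next_hop)
    if next_hop != firewall_lan:
        return hops, f"reply is sent to {next_hop}, not to OPNsense, so it never enters the tunnel"
    # 3. OPNsense forwards the reply into the tunnel it belongs to.
    fw_hop = lookup(FIREWALL_ROUTES, client)
    hops.append(fw_hop)
    return hops, "ok" if fw_hop == "direct:tunnel" else "OPNsense has no route for the tunnel subnet"

if __name__ == "__main__":
    # Constructed server routing tables: default gateway at OPNsense vs. at another router.
    via_opnsense = [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "192.168.0.1")]
    via_other_router = [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "192.168.0.254")]
    print(trace_echo_reply(via_opnsense, ["0.0.0.0/0"]))
    print(trace_echo_reply(via_other_router, ["0.0.0.0/0"]))
    print(trace_echo_reply(via_opnsense, ["192.168.0.0/24"]))
```

In both failing cases the request still traverses OPNsense and is logged as allowed, which matches what the poster observed; the reply is lost on the server side, so the firewall log stays clean.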