Messages - achocolada

#1
Quote from: meyergru on January 04, 2024, 12:01:42 PM
What Patrick suggested is that you cannot reach an RFC1918 private IP from the public internet, because these are not getting routed to you at all.

With IPv4, there are only two ways you can make a connection from the outside to your private LAN:

1. You create a rule that forwards a specific port from your (public & routable) WAN IP to an IP on your (private) LAN. That is NAT (network address translation). This will open up specific ports on specific machines only.

2. You install a VPN that enables access to your whole private LAN. It tunnels private IPs through the public internet. You can have two variants: a. Client-to-Site VPN for a road warrior setup for one client machine only or b. Site-to-Site-VPN if you want to connect two separate private LANs over the internet.


With IPv6, that is a whole different story, because then your LAN can have public IPs.

My need is to access the network at the main office from the branch office, not to access a LAN address from a public IP. The connection between the branch office and the Head office is already established using PPTP.
#2
Quote from: ricksense on January 04, 2024, 09:53:54 AM
Quote from: Patrick M. Hausen on January 04, 2024, 09:29:42 AM
Is the LAN a private network, i.e. one of 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8?

If yes, this does not work the way you think it does, because these networks are not routed across the Internet. To connect two locations you need to set up a VPN.

First of all, is your WAN IP public or private?

It is now a public IP. Anyway, I already used both public and private IP but it is the same.
#3
Quote from: achocolada on January 04, 2024, 11:41:01 AM
Quote from: Patrick M. Hausen on January 04, 2024, 09:29:42 AM
Is the LAN a private network, i.e. one of 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8?

If yes, this does not work the way you think it does, because these networks are not routed across the Internet. To connect two locations you need to set up a VPN.

Yes, the LAN IP address is using a private network.
My objective is not to establish 2 locations using VPN or another way, but I want connections from outside OPNsense to be able to reach the network behind the OPNsense, which is the LAN network.
With the topology as follows:
Edge Router --> (WAN port)OPNSENSE(LAN port) --> Local Devices

I want to be able to ping the Local Device from the Edge Router.

Oh ya for additional information, from the OPNsense terminal console I can ping the local devices.

Thank you :)
#4
Quote from: Patrick M. Hausen on January 04, 2024, 09:29:42 AM
Is the LAN a private network, i.e. one of 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8?

If yes, this does not work the way you think it does, because these networks are not routed across the Internet. To connect two locations you need to set up a VPN.

Yes, the LAN IP address is using a private network.
My objective is not to establish 2 locations using VPN or another way, but I want connections from outside OPNsense to be able to reach the network behind the OPNsense, which is the LAN network.
With the topology as follows:
Edge Router --> (WAN port)OPNSENSE(LAN port) --> Local Devices

I want to be able to ping the Local Device from the Edge Router.
#5
Quote from: Patrick M. Hausen on January 03, 2024, 09:12:13 AM
Is this a standard NAT setup? Public IP on WAN, private network on LAN?

If yes you need to look at Firewall > NAT > Port Forwarding for inbound connections.

Hi Patrick, thank you for your answer,

Actually I don't set NAT for this, I set the WAN Firewall to allow all traffic from WAN net to LAN net instead.
I need to allow traffic from WAN to LAN network because I want the users from the other office (connected by any WAN connection) to be able to connect to a specific LAN address at the Head Office (where the OPNsense sits).
#6
Hi everyone,

I need to allow traffic from WAN networks to LAN networks. I already added a firewall rule to allow it, but it still fails.
Does anyone have a solution for this?
Thank you guys :)
#7
Unfortunately I couldn't resolve this problem, so I decided to reset to default :(
Thank you guys.
#8
Quote from: FraLem on December 27, 2023, 09:37:05 AM
Check firewall rules on the WAN interface accordingly. I guess that by "NAT Rule" you mean port forward, right?

I already rechecked the firewall rules on the Mikrotik but it is still the same. Likely, the issue is in the OPNsense config, but I don't know where :(
#9
Quote from: bartjsmit on December 27, 2023, 09:20:54 AM
Does the tunnel endpoint have a route to LAN via OPNsense?

If there isn't, you'll have to do outbound NAT for OpenVPN in OPNsense

In the future I will need to add a route from the OpenVPN client to the LAN segment, but for now there is no route yet.

I checked the Outbound NAT, and there is no automatic rule generated.
On the Outbound NAT, there are 4 options and the current one is automatic NAT generation.
So, did you mean I have to add manual outbound NAT rules?
#10
Hi everyone,

I have a problem connecting to OpenVPN, which is installed on the OPNsense located behind the internet router. The topology is as follows:
Internet Router (Mikrotik) ----> OPNsense ---> LAN

I've already added a NAT rule on the Router to forward port 1194 to the OPNsense's IP, but the OpenVPN still doesn't connect. When I connect to OpenVPN from the OPNsense local IP address it just works, which means there is no problem with the VPN server configuration.

Do you guys have a solution for this? Thank you :)