General Discussion / VPN cannot ping LAN clients behind gateway
« on: July 27, 2024, 05:01:49 pm »
Hi - HELP! Please. I cannot ping or access clients behind the OPNsense gateway when using OpenVPN.
Setup:
Remote networks 192.168.3.0/24 and 192.168.2.0/24
|
Remote gateway 192.168.3.1 / OpenVPN server 10.0.1.1
|
OPNSense gateway 192.168.100.1 / OpenVPN client 10.0.1.2
|
Local network 192.168.100.0/24
- OpenVPN tunnel works
- It's possible to ping remote gateway AND remote clients from local network
- It's possible to ping local OPNsense gateway from remote network, but not local clients e.g. 192.168.100.4
I believe this is an OPNsense local network NAT issue but for the life of me cannot figure it out, having wasted days.
OPNsense firewall log shows inbound ping and web access requests being let through the firewall
i.e. 192.168.3.197 accessing the OPNsense gateway 192.168.100.1 and both ping and web interface return
.... but no ping or return traffic flows back from client behind gateway
i.e. 192.168.3.197 accessing the OPNsense gateway 192.168.100.4
I don't think it's a route issue, since when the firewall is disabled I can reach the local clients from the remote network. I have no overlapping routes for the remote network.
My NAT Outbound table is a mess as I've tried every permutation I can think of to try and get this moving. Can someone guide me here please.