Messages - iulian.dragomir

#1
Hello kind people,

I am trying to move away from a different commercial firewall with bad support to OPNsense, but in order to do that, I need to have a fully functional solution. I am not an expert on routing/firewalls or OPNsense; I did set up an OpenVPN box back in the day, but that pretty much sums up my experience with said solution.

My current setup is the following:

WAN1 - IP address x.x.x.x
WAN2 - IP address y.y.y.y
LAN - IP address for the LAN interface - 192.168.0.223 netmask 255.255.248.0
OpenVPN clients subnet 10.212.135.0/24
I have (or I think I have) a working WAN failover setup, with WAN1 being the main and WAN2 being the backup. I didn't get to test this scenario fully, as I have only removed WAN1 from the working firewall and connected it to the OPNsense box, and left WAN2 (the secondary connection) in the working firewall. But the internet works just fine with just WAN1 being connected right now.

So, I set up an OpenVPN server, and I have managed to connect to it. From the connected PC (over OpenVPN) I can ping the gateway 10.212.135.1, which is assigned to the other end of the VPN on the server, and I can ping the LAN interface of the OPNsense box, which is 192.168.0.223, but I cannot ping/access anything else on the network 192.168.0.0/255.255.248.0. Also, from a PC on the network, I can ping the OPNsense box IP, but I cannot ping anything on the 10.212.135.0 subnet. On the connected client I can see the route pushed (I hope it's the correct one, though):

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.100     192.168.1.16     25
          0.0.0.0        128.0.0.0     10.212.135.1     10.212.135.2    257
     10.212.135.0    255.255.255.0         On-link      10.212.135.2    257
     10.212.135.2  255.255.255.255         On-link      10.212.135.2    257
   10.212.135.255  255.255.255.255         On-link      10.212.135.2    257

I will attach the firewall rules below, as I suspect that is where I have missed something, and I need help with that.

Could anyone please give me an idea on what I am doing wrong?

Thank you,

Iulian
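A quick way to check what the pasted Windows route table actually does with a LAN destination is to replay the host's own forwarding lookup (longest prefix, then lowest metric) against it. The script below is an added example written for this thread, not code from the original post or from OPNsense/OpenVPN. It embeds a constructed copy of the route table shown above and assumes that table is complete; the client's own LAN (LOCAL_LAN) is an assumption taken from the 192.168.1.16 interface address, since the post does not state its mask.

```python
import ipaddress

# Constructed copy of the "route print" output posted above (IPv4 active routes only).
ROUTE_TABLE = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.100     192.168.1.16     25
          0.0.0.0        128.0.0.0     10.212.135.1     10.212.135.2    257
     10.212.135.0    255.255.255.0         On-link      10.212.135.2    257
     10.212.135.2  255.255.255.255         On-link      10.212.135.2    257
   10.212.135.255  255.255.255.255         On-link      10.212.135.2    257
"""

TUNNEL_IF = "10.212.135.2"          # client-side tunnel address from the post
REMOTE_LAN = "192.168.0.0/21"       # LAN behind OPNsense, 255.255.248.0 from the post
LOCAL_LAN = "192.168.1.0/24"        # ASSUMPTION: client's own LAN, inferred from 192.168.1.16


def parse_routes(text):
    """Parse 'route print' style lines into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                     # header, separator, or blank line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
            metric = int(parts[4])
        except ValueError:
            continue
        routes.append({"network": net, "gateway": parts[2],
                       "interface": parts[3], "metric": metric})
    return routes


def select_route(routes, dst):
    """Longest-prefix match, ties broken by lowest metric, as the host would do."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def via_tunnel(routes, dst, tunnel_if=TUNNEL_IF):
    """True if traffic to dst leaves through the OpenVPN tunnel interface."""
    r = select_route(routes, dst)
    return r is not None and r["interface"] == tunnel_if


def lan_coverage(routes, remote_lan=REMOTE_LAN, tunnel_if=TUNNEL_IF):
    """Sample the remote LAN (first, last and a middle host) and report the exit interface."""
    net = ipaddress.ip_network(remote_lan)
    samples = [net[1], net[len(list(net.hosts())) // 2], net[-2]]
    return {str(a): via_tunnel(routes, a, tunnel_if) for a in samples}


def overlaps(a, b):
    """True if the client's local LAN and the remote LAN share address space."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dst in ("10.212.135.1", "192.168.0.5", "8.8.8.8"):
        r = select_route(routes, dst)
        print(f"{dst:>14} -> gw {r['gateway']:>14} via {r['interface']} (tunnel: {via_tunnel(routes, dst)})")
    print("remote LAN reachable via tunnel:", lan_coverage(routes))
    print("local/remote LAN overlap:", overlaps(LOCAL_LAN, REMOTE_LAN))
```

With the table exactly as pasted, only the 0.0.0.0/1 half of the redirect-gateway pair is present, so 192.168.x.x destinations fall back to the physical default gateway rather than the tunnel, while a public address such as 8.8.8.8 does go through it; the overlap check also flags that 192.168.0.0/21 contains the client's apparent local network, which is worth verifying on the client before looking at firewall rules.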