Messages

So while the VPN is active you are not able to communicate with any other network but your local one. Looks like it's designed that way. Disable the VPN if you need to access things in your other private LAN. Problem solved.

Instead of "OPNsense is not advertising local routes" your initial post should probably read "I am trying to circumvent my company's VPN policies".

Place all devices you need for work while the VPN is active into the same LAN. Place everything else into a different one.

this is a home network, so no company VPN policy circumvention. it's a VPN provider i use to tunnel out for when i need a non-UK IP.

Anyway, thanks for all the help on this.

You do not need an explicit route. OPNsense ought to be the default gateway for all connected networks. Problem solved.

What is this "VPN situation"?

the VPN sets a default route to it's TUN network to route outbound traffic via the tunnel. if there isn't an explicit route, the packets hit the TUN network. This isn't a behavior I can change, so not much to be done to fix this.

Doesn't OPNsense do all the routing in your network?

it does, but it's currently using the ISC DHCP service, and not Kea, and i don't see a way to add an explicit route (i.e. 192.168.2.0/26 via 192.168.1.1) to ISC

* i noticed that i called the AP a router. i've fixed that (it is a re-purposed combo device, with the DHCP server disabled to turn it into an AP)

You did not write anything about a VPN configuration. Please provide all details, all involved networks, all routes. It's difficult to help you if you don't.

I disabled the VPN, so it isn't a factor.

Adding the manual routes to two devices allowed them to ping each other. Unfortunately, the AP doesn't seem to let me configure it's gateway, so i can't make it reachable. Now i guess i need to switch the DHCP server to Kea, and configure routes there so DHCP devices route correctly. Thanks for the help, and i guess i need a better AP.

It should send a default route.

because of a VPN configuration on the computer, a default route doesn't work. I need an explicit route. i.e. "192.168.2.0/24 via 192.168.1.1"
also, even if I add this route manually, i still don't get a ping reply from the AP.

also, removing the VPN routes, and just leaving the default OPNsense route, i also don't get a reply from the AP

What do you mean by advertising? This term is frequently used in dynamic routing, i.e. routing protocols between routers, not clients.

Your clients should all have a default gateway route pointing to the OPNsense IP address in the respective network.

the route isn't being sent to the PCs on the LAN network. it only sends the LAN route (192.168.1.0/26), and thus the PC doesn't send packets destined to the AP up to the gateway.

[Interface]

I am running OPNsense 25.1.12-amd64.

I have the following setup:

Interface	|	subnet/CIDR
[LAN]	|	192.168.1.0/26
[WLAN]	|	192.168.2.0/26

there is an AP on 192.168.2.10 (static), that i would like to be able to reach from the LAN subnet. Additionally, there is going to be a DNS server on LAN, that i want devices on the WLAN subnet to reach. the two subnets are on separate physical interfaces.

The issue that i am having, is that OPNsense isn't advertising the cross-subnet routes. if i manually add a route on a compuer on the LAN subnet, and try to ping the AP, i can see the packet being passed in the firewall logs, but by default, the route isn't there.

Help is appreciated.