21.1 Legacy Series / openconnect routing issue
« on: May 18, 2021, 09:31:20 pm »
Hi, I am new to OPNsense. I have set up the OpenConnect client fine and I can ping the OpenConnect server IP 10.10.10.1 from the firewall itself (see below):
tun30000: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1269
options=80000<LINKSTATE>
inet6 fe80::20c:29ff:fed4:8e1a%tun30000 prefixlen 64 scopeid 0x10
inet 10.10.10.64 --> 10.10.10.64 netmask 0xffffffff
groups: tun
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Opened by PID 85466
root@OPNsense:/usr/local/etc/rc.d # ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=238.202 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=312.186 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=239.129 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=239.459 ms
64 bytes from 10.10.10.1: icmp_seq=4 ttl=64 time=237.771 ms
64 bytes from 10.10.10.1: icmp_seq=5 ttl=64 time=313.507 ms
64 bytes from 10.10.10.1: icmp_seq=6 ttl=64 time=242.929 ms
64 bytes from 10.10.10.1: icmp_seq=7 ttl=64 time=238.647 ms
and I have added a NAT outbound rule for OpenConnect as well:
OpenConnect any * * * Interface address * NO
But I still can't ping 10.10.10.1 from the LAN side (192.168.1.0/24). The LAN firewall rules already contain the default allow-any rule. Any idea? I think it might be something simple, but I just can't figure it out. Thanks in advance.