New OpenVPN server setup - can connect but can't talk to internal IPs

Started by cmay, September 27, 2019, 10:24:37 PM

Hi, I followed the tutorial for OpenVPN road warrior server setup with 2FA. I am able to connect to the VPN and get a VPN client IP, but I cannot talk to internal IPs. I have set up the firewall rules to allow VPN traffic and to allow communication from the VPN clients (at 10.10.10.0/24) to my LAN (192.168.0.0/24) per the screenshot below, but no luck.

Any help would be appreciated. Thanks.


Hi cmay,

That second rule is located on the wrong interface. Looks like you have the rule on the WAN interface. It should be under OpenVPN, then it should work as expected.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

Thanks. I did have it under WAN instead of OpenVPN. I fixed that, but still have the issue.

Make a packet capture on the OpenVPN interface and on the internal LAN interface to check if the packets are passed correctly.
You should see the answers from the clients if you ping from the VPN.

If you need more help, please post the screenshots of your configuration: LAN, WAN, OpenVPN configuration and the details of what network addresses you are using.

If the connection is established, it is a routing or a firewall rule problem in most cases.

Got it to work. It must have been that first fix of the WAN rule that needed to go to an OpenVPN rule. When I tested it after that fix I didn't think it was working because I was trying to ping a device that I had recently changed its IP on, doh. Thanks for the help!

I am still having one issue in that my public IP is not changing, still showing as the non-VPN public IP. Will start another thread for that. Thanks again.