OpenVPN site 2 site traffic issue

Started by EHRETic, March 18, 2020, 03:48:43 PM

Hi there,

I'm trying to setup my first Opnsense infra. There is my home lab and a DR site.
Both now have a firewall, and incoming/outgoing traffic to the WAN is working fine.

As I like it, I've restricted outbound traffic to HTTP/HTTPS and some other ports (see capture).

Now, I've created an OpenVPN server at home and setup the client at the DR site. Connection is active between both FWs.

But I just can't access resources from one LAN to the other. If I look at the firewall logs, I clearly see that the traffic is blocked by the "Default deny rule" (for example, RDP).
If I activate the more generic rule (the one disabled at the top of the capture), it works.

I'm confused, I thought VPN traffic would be set up on the OpenVPN interface. In several tutorials there is also mention of creating a new interface for the OpenVPN opnsX interface, which creates a new gateway.
Setting an open firewall rule on this extra interface didn't solve the issue either.

I'm suspecting a routing issue (VPN traffic should hit the VPN interface first, no?), but it is beyond my knowledge for now :-)

Help very much appreciated !
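The question above comes down to two things that can be checked independently: which interface a LAN-to-LAN packet leaves through (only a route to the remote LAN via the tunnel sends it out the OpenVPN interface; without that route it follows the default route to the WAN), and which interface OPNsense evaluates the firewall rules on, which is the interface the packet enters, not the one it leaves. A flow from the local LAN to the remote LAN therefore needs a pass rule on the local LAN interface, and the return or remote-initiated leg needs one on the OpenVPN interface. The following is an added example, not code from the forum post or from OPNsense: a longest-prefix-match lookup over a constructed routing table in the shape of `netstat -rn` output. All addresses, interface names (vtnet0, vtnet1, ovpns1) and routes are assumptions made for the example.

```python
"""Longest-prefix-match check for a site-to-site tunnel.

Added example, not from the forum thread or from OPNsense. Given a
routing table in the shape of `netstat -rn` output it answers:
  * which interface a packet to a given destination egresses on, and
  * which interface the packet ingresses on (the interface whose rules
    the firewall evaluates for that packet).
Addresses, interface names and routes below are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed routing table for the "home" firewall that hosts the
# OpenVPN server. A gateway of None means "directly connected".
HOME_TABLE = [
    ("0.0.0.0/0", "203.0.113.1", "vtnet0"),      # default route via WAN
    ("192.168.10.0/24", None, "vtnet1"),         # home LAN (connected)
    ("203.0.113.0/24", None, "vtnet0"),          # WAN segment (connected)
    ("10.8.0.0/24", None, "ovpns1"),             # tunnel network (connected)
    ("192.168.20.0/24", "10.8.0.2", "ovpns1"),   # DR LAN via the tunnel peer
]

# Same table with the route to the DR LAN missing: the situation when the
# remote network is not configured on the server side.
HOME_TABLE_NO_ROUTE = [r for r in HOME_TABLE if r[0] != "192.168.20.0/24"]


def lookup(table, dst):
    """Return (gateway, interface) for dst using longest-prefix match.

    The default route (prefix length 0) only wins when nothing more
    specific matches, which is exactly how the kernel chooses.
    """
    addr = ip_address(dst)
    best = None
    for prefix, gw, iface in table:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def ingress_interface(table, src):
    """Interface a packet from src arrives on.

    Mirrors a reverse-path check: the interface the route *towards* src
    points at is the one the packet is expected to enter through.
    """
    return lookup(table, src)[1]


def flow_interfaces(table, src, dst):
    """(ingress, egress) for a src->dst packet crossing this firewall.

    The ingress interface is where pass rules must exist for the flow;
    the egress interface tells you whether the packet actually takes the
    tunnel or falls through to the WAN default route.
    """
    _gw, egress = lookup(table, dst)
    return ingress_interface(table, src), egress


if __name__ == "__main__":
    home_host, dr_host = "192.168.10.5", "192.168.20.5"
    for name, table in (("with tunnel route", HOME_TABLE),
                        ("without tunnel route", HOME_TABLE_NO_ROUTE)):
        out = flow_interfaces(table, home_host, dr_host)
        back = flow_interfaces(table, dr_host, home_host)
        print(f"{name}: LAN->DR rules on {out[0]}, egress {out[1]}; "
              f"DR->LAN rules on {back[0]}, egress {back[1]}")
```

Run it as a script to see both tables side by side: with the route present, home-to-DR traffic enters on the LAN interface and leaves on ovpns1 (so the LAN rules must permit the remote subnet and the OpenVPN interface rules must permit the return direction); with the route absent, the same packet leaves on the WAN interface, where a restrictive outbound policy would drop anything but the allowed ports. On a real OPNsense box, compare the output of `netstat -rn` and the interface column of the firewall log against these two cases.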

Do you have any Rules on the VPN Interfaces to allow traffic from one LAN to the other?
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

Quote from: lfirewall1243 on March 18, 2020, 03:57:54 PM
Do you have any Rules on the VPN Interfaces to allow traffic from one LAN to the other?

For now, I only have the OpenVPN interface with an open rule (capture).
I've removed the extra VPN interface you can create in assignments to simplify the troubleshooting (gateway included).

My current setup reflects almost exactly what is mentioned here: https://wiki.opnsense.org/manual/how-tos/sslvpn_s2s.html