Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved] OpenVPN: Single NIC opnsense as client - how to forward VPN traffic
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Solved] OpenVPN: Single NIC opnsense as client - how to forward VPN traffic (Read 2313 times)
eguun
Newbie
Posts: 9
Karma: 0
[Solved] OpenVPN: Single NIC opnsense as client - how to forward VPN traffic
«
on:
May 23, 2020, 03:30:20 pm »
Dear Community,
I'm new joiner to opnsense, but with some experience working with *BSD systems back in 1999-2003.
Could you please help me understand why I can't get opnsense to allow VPN traffic to local LAN?
I can't get the remote LAN to ping devices in the local LAN (the LAN on opnsense).
My setup:
------------------------------------------------------------------------------------------
--- | (192.168.14.20)OPT1 (OPNsense, as OpenVPN client) (192.168.137.137)LAN | --- (192.168.137.0/24)Local
| ------------------------------------------------------------------------------------------
|
VPN-Tunnel(192.168.14.0/24)
|
| ----------------------------------------------------------------------------------------------
--- | (192.168.14.254)OVPN-Iface (mikrotik, as OpenVPN server) (192.168.4.254)LAN | - (192.168.4.0/24)Remote
----------------------------------------------------------------------------------------------
What I configured
- the OpenVPN server is a mikrotik router
- opnsense (OPNsense 20.1.7 (amd64/OpenSSL)) is a box in my network
- it's a single NIC box - the NIC is configured as LAN
- A virtual nic (ovpnc1) gets created when the VPN configuration is created. I associated this NIC as OPT1
- opnsense establishes the VPN connection OK with the OpenVPN server
- devices in the LAN subnet can ping devices in the remote subnet
- I have added firewall rules to all interfaces (floating, LAN, OpenVPN, OPT1) to permit all to all (example in the attachments
- I have created all sorts of (failed attempts) on NAT one-to-one as shown below and NAT outbound as show in the attachments
Found similar threads with no clear solutions:
https://forum.opnsense.org/index.php?topic=6860.0
I tried the one-on-one NAT (see screenshots), but they don't seem to be working
https://forum.opnsense.org/index.php?topic=3050.msg9401#msg9401
I tried the Hybrid NAT (see screenshots), but they don't seem to be working either
https://forum.opnsense.org/index.php?topic=4476.0
https://forum.opnsense.org/index.php?topic=3984.msg20878#msg20878
I don't think "client exception" will work as opnsense is the VPN client.
"client exception" seems to apply when opnsense is the VPN server.
EDIT:
opnsense is aimed to replace an OpenWRT router, which was capable (until it fried last week) to move traffic from the remote lan to the local lan; ie: what I can't manage to do at the moment.
It's really a 1:1 replacement: a single interface of the openWRT was used. And the forward was pretty easy to implement: had to check a "masquerading" checkbox next to the interface name.
This gives me confidence in the fact that the server side is OK (mikrotik), and I replicated the openvpn setup into the opnsense.
I must be close, but I spent 4 hours on it, and my wife is getting upset.
Happy to provide more insights if need be
Thanks
«
Last Edit: May 23, 2020, 07:27:47 pm by eguun
»
Logged
eguun
Newbie
Posts: 9
Karma: 0
Re: OpenVPN: Single NIC opnsense as client - how to forward VPN traffic to local LAN
«
Reply #1 on:
May 23, 2020, 07:26:22 pm »
We can close the topic
I feel a bit stupid, but it ended up being some firewall rules into the Mikrotik side that prevented to forward the traffic.
So it was absolutely not where I focused hours of attention, ie into the opnsense forwarding capabilities.
here goes some time well spent!
I'll mark the topic as solved.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved] OpenVPN: Single NIC opnsense as client - how to forward VPN traffic