VPN "IPv4 Remote Network" not working

[bradforr]

I'm new to OpnSense and OpenVPN and having a small issue.

I have managed to get VPNs working for client machines.

What I cannot get is access to the client's local network when they are connected on VPN... I set "IPv4 Remote Network" but it doesn't seem to allow the servers access to the local network where the clients are connecting from.

Alternatively, how do I make sure a client gets the same tunnel IP whenever they connect?

[bartjsmit]

What I cannot get is access to the client's local network when they are connected on VPN

Verify with some packet traces on the far end and look for your packets going onto the remote network. You may be able to reach the servers there, but they may not be able to send return packets to you.

Make sure that they have a static route pointing back to your local subnet, or configure the remote VPN device to do NAT for you.

Alternatively, how do I make sure a client gets the same tunnel IP whenever they connect?

You can run a separate tunnel for each client by varying the port number or the IP address for each OPNsense VPN server. That is also preferable if your clients churn or one of the secrets is compromised.

Bart...

[bradforr]

While hunting around online and trying a few things I found that if I enable "Topology" on the server config, add a Client Specific Override with the Common Name being set to to the user and add a line "ifconfig-push" into the Advanced with the IP and subnet... It then gives out the IP address.

I have two issues with this approach even though it works
1. I have no idea what it does or the implications of the setup
2. I see a notice that the Advanced option will be removed in the future

So what is the alternative or "correct" way to implement this?

[bartjsmit]

The man page is the source of all wisdom on OpenVPN but also a surefire cure for insomnia:

https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Bart...