Double Router configuration - no internet access from second router - NAT?

Started by rosaormen, October 04, 2023, 06:19:14 PM

Hello everyone,
I'm trying to set up a secondary router on my existing network.
LAN works, but I'm completely stuck at getting the devices on the new network to talk to the old network, and the 192.168.1.1 router. Very grateful for any ideas on how I could progress.

I have marked the things I am most dumbfounded by with a question-mark.

Main router (#main) - 192.168.1.1

Secondary Router (#opn), running opnsense
    WAN (em0) : 192.168.1.2
    LAN (em1) : 192.168.4.1

A PC on main router network (#pc1) : 192.168.1.4
A PC on opnsense router network (#pc2) : 192.168.4.50



Firewall rules are set to allow any src/dst, in & out on LAN and WAN.
NAT is set to automatic. I have tried setting a manual rule for traffic between WAN and LAN, but it does not improve my predicament.

#pc1 (on #main) can ping 192.168.1.2 and 192.168.1.1 but times out at 192.168.4.1.
#pc2 (on #opn) can ping 192.168.1.2, 192.168.4.1 but times out at 192.168.1.1.



Using opnsense (Interface > Diagnostics > Ping) to ping:
192.168.4.1 = Success
192.168.1.1 = Fail
192.168.1.2 = Fail?

System > Gateways > Single :
WAN_DHCP (active) Interface: WAN, protocol: IPv4, Gateway: 192.168.1.1, Status Online (used for DNS to 8.8.8.8 and 8.8.4.4)
em0 is assigned IP by main router DHCP.
em1 has a DHCP range of 50-252.

Running packet capture, I can see the following:
LAN
em1   2023-10-04
16:38:46.183119   a0:36:bc:bd:0c:af   00:26:55:d8:b4:20   ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 128, id 11836, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.4.50 > 192.168.1.1: ICMP echo request, id 1, seq 1670, length 40

WAN
em0   2023-10-04
16:38:39.141735   00:26:55:d8:b4:21   00:22:07:32:e3:91   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 23097, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.2 > 192.168.1.1: ICMP echo request, id 7566, seq 324, length 64

WAN
em0   2023-10-04
16:38:39.142137   00:22:07:32:e3:91   00:26:55:d8:b4:21   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 57327, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.1 > 192.168.1.2: ICMP echo reply, id 7566, seq 324, length 64

WAN
em0   2023-10-04
16:38:39.142151   00:26:55:d8:b4:21   00:22:07:32:e3:91   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57327, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.1 > 192.168.1.2: ICMP echo reply, id 7566, seq 324, length 64


Running tracert 192.168.1.1 from #pc2 returns:
router.localdomain [192.168.4.1]
Request timed out.

Writing this from my phone so please forgive any formatting errors. One thing to double check is to ensure Block private networks is disabled under the WAN interface settings.

Block private networks is turned off, as well as Block bogon networks.

Turned out to be the gateway.

I set the WAN gateway from "dynamic" to 192.168.1.1.
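
Added example, not part of the thread: a small Python parser for the capture format pasted in the first post, which flags frames re-sent out of the same NIC that received them and echo requests with no matching reply. The function names are hypothetical; the frames are copied from the post with the interface/date label lines left out.

```python
import re

# Frames copied from the thread's capture (interface/date label lines omitted).
CAPTURE = """\
16:38:46.183119   a0:36:bc:bd:0c:af   00:26:55:d8:b4:20   ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 128, id 11836, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.4.50 > 192.168.1.1: ICMP echo request, id 1, seq 1670, length 40
16:38:39.141735   00:26:55:d8:b4:21   00:22:07:32:e3:91   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 23097, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.2 > 192.168.1.1: ICMP echo request, id 7566, seq 324, length 64
16:38:39.142137   00:22:07:32:e3:91   00:26:55:d8:b4:21   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 57327, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.1 > 192.168.1.2: ICMP echo reply, id 7566, seq 324, length 64
16:38:39.142151   00:26:55:d8:b4:21   00:22:07:32:e3:91   ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57327, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.1 > 192.168.1.2: ICMP echo reply, id 7566, seq 324, length 64
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
HEADER = re.compile(r"^(\S+)\s+" + MAC + r"\s+" + MAC + r"\s+ethertype IPv4.*?ttl (\d+), id (\d+),")
BODY = re.compile(r"^\s+(\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")
FIELDS = ("ts", "smac", "dmac", "ttl", "ipid", "src", "dst", "kind", "icmp_id", "seq")

def parse(text):
    """Pair each link-layer header line with the IP/ICMP line that follows it."""
    frames, head = [], None
    for line in text.splitlines():
        h, b = HEADER.match(line), BODY.match(line)
        if h:
            head = h.groups()
        elif b and head:
            frames.append(dict(zip(FIELDS, head + b.groups())))
            head = None
    return frames

def forwarded_copies(frames):
    """(original, copy) pairs: same IP id and addresses, TTL one lower, and the
    copy leaves from the MAC that received the original (same NIC, hairpin)."""
    same = lambda a, b: all(a[k] == b[k] for k in ("ipid", "src", "dst"))
    return [(a, b) for i, a in enumerate(frames) for b in frames[i + 1:]
            if same(a, b) and int(b["ttl"]) == int(a["ttl"]) - 1 and b["smac"] == a["dmac"]]

def unanswered(frames):
    """Echo requests with no reply carrying the same ICMP id and sequence."""
    seen = {(f["icmp_id"], f["seq"]) for f in frames if f["kind"] == "reply"}
    return [f for f in frames if f["kind"] == "request" and (f["icmp_id"], f["seq"]) not in seen]

if __name__ == "__main__":
    frames = parse(CAPTURE)
    for a, b in forwarded_copies(frames):
        print(f"IP id {a['ipid']}: received {a['ts']}, re-sent {b['ts']} with ttl {b['ttl']}")
    for f in unanswered(frames):
        print(f"no reply seen for {f['src']} > {f['dst']} seq {f['seq']}")
```

On the pasted frames this reports the echo reply with IP id 57327 going back out of em0 with TTL 63, and no reply among the pasted frames for the request from 192.168.4.50.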