[Solved] Redirect Gateway not working with new Instances

Started by meschmesch, September 19, 2023, 12:50:11 PM

September 19, 2023, 12:50:11 PM Last Edit: September 20, 2023, 02:55:06 PM by meschmesch
Hello,
I have successfully set up a VPN connection using the new instances tab. The Server is listening on TCP6, access to local 192.168.0.0/16 is possible from remote. However, redirect-gateway does not work at all. Neither by ticking any of the options in the server configuration, nor by using the option "redirect-gateway" in the client config.

I would appreciate some guidance on how to approach this issue. I used the same server/client configuration with the "old" Server tab, having ticked "redirect-gateway", and this worked without any problems.

Thank you!

Hello,
I solved the issue. I have no idea why the old configuration worked. Obviously the New Instances stuff is more picky and not doing stuff in the background the old Server tab did.

Solution: Added outbound NAT for the OpenVPN net (I use Manual outbound NAT rule generation). Redirect gateway is set to default.

Quote from: meschmesch on September 20, 2023, 02:54:48 PM
Solution: Added outbound NAT for the OpenVPN net (I use Manual outbound NAT rule generation). Redirect gateway is set to default.
I'm facing the same issue: after connecting to the instance Server I'm able to reach only hosts in LAN and not in WAN.
Creating SNAT for the OpenVPN interface doesn't help. Could you please be more specific?


Legacy config works as it should - OK.
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

I had the same issue, and I managed to get it working. It seems that VPN networks from legacy are automatically added to the "OpenVPN" network alias, which enables automatic outbound NAT to work, and (at least when there are legacy OpenVPN) networks from the new OpenVPN instances are not added to that alias.

So:

1) I manually created an alias that includes the tunnel subnet (i.e. my tunnel subnet is 10.101.2.0/24 and my alias UserVPN 10.101.0.0/16).

2) I went into Firewall/NAT/Outbound, and switched to "hybrid"

3) Then I manually added a new rule on the WAN interface, and for source I chose my new alias, "UserVPN"

PS as explained in previous posts, in the redirect setting of the OpenVPN instance, I only check "default".
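
Added example, not part of any post in this thread: a small Python check for the failure described above, where a tunnel subnet is routed out the WAN without any outbound NAT rule covering it. The rule and alias dictionaries are a constructed stand-in for what you would read off Firewall/Aliases and Firewall/NAT/Outbound; the field names, the function names and the 10.8.0.0/24 legacy subnet are assumptions, not OPNsense's own data format.

```python
import ipaddress

def resolve(source, aliases):
    """Expand a rule source (alias name or literal CIDR) into networks."""
    entries = aliases.get(source, [source])
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def uncovered_tunnels(tunnels, nat_rules, aliases, wan="wan"):
    """Return names of tunnel subnets that no enabled outbound NAT rule on `wan` covers."""
    covered = []
    for rule in nat_rules:
        if rule["interface"] == wan and not rule.get("disabled"):
            covered.extend(resolve(rule["source"], aliases))
    missing = []
    for name, cidr in tunnels.items():
        net = ipaddress.ip_network(cidr)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if not any(net.version == c.version and net.subnet_of(c) for c in covered):
            missing.append(name)
    return missing

# Constructed sample data. 10.101.2.0/24 and UserVPN 10.101.0.0/16 are the
# values from the post above; the legacy subnet is made up for illustration.
ALIASES = {
    "OpenVPN": ["10.8.0.0/24"],      # alias that only holds the legacy server's network
    "UserVPN": ["10.101.0.0/16"],    # manually created alias (step 1)
}
TUNNELS = {
    "legacy_server": "10.8.0.0/24",
    "instance_server": "10.101.2.0/24",
}
RULES_BEFORE = [
    {"interface": "wan", "source": "192.168.0.0/16"},
    {"interface": "wan", "source": "OpenVPN"},
]
# Step 3: the extra rule on WAN with the new alias as source
RULES_AFTER = RULES_BEFORE + [{"interface": "wan", "source": "UserVPN"}]

if __name__ == "__main__":
    print("before:", uncovered_tunnels(TUNNELS, RULES_BEFORE, ALIASES))
    print("after: ", uncovered_tunnels(TUNNELS, RULES_AFTER, ALIASES))
```

A subnet reported as uncovered leaves the WAN with its private source address, which matches the symptom of reaching LAN hosts but nothing beyond the firewall.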