Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
SSL VPN
« previous
next »
Print
Pages: [
1
]
Author
Topic: SSL VPN (Read 8214 times)
zanga
Newbie
Posts: 14
Karma: 1
SSL VPN
«
on:
December 08, 2017, 09:38:18 pm »
Hello,
I followed this guide however on Step 2 - Firewall Rules - allow traffic from the VPN clients to our LAN interface, I don't see the OpenVPN clients drop down mentioned in that screenshot.
WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP
VPN has 10.10.0.0/24
The VPN connection is established, I get a 10.10.0.x IP, but I can't reach any of the 192.168.2.x IP from the LAN.
Any idea what I might be missing?
Thank you !
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: SSL VPN
«
Reply #1 on:
December 08, 2017, 09:39:28 pm »
A pass firewall rule maybe?
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: SSL VPN
«
Reply #2 on:
December 09, 2017, 12:54:06 am »
If there is no "pass any" rule for the VPN you can have problems.
Also, with IPs like:
WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP
You can have problems if you are trying to access the VPN from another network that includes 192.168.1.0/24 IP
You probably already know this, but lets say you are at your friends house or some office and the network there is 192.168.1.0/24 IP
Then you access your VPN remotely.
And you try to go to the remote 192.168.1.0/24 IP network. Odds are it either won't work at all or will work only intermittently. I wouldn't use 192.168.1.0/24 IP for anything ever. Not even for testing.
Logged
zanga
Newbie
Posts: 14
Karma: 1
Re: SSL VPN
«
Reply #3 on:
December 09, 2017, 09:01:16 am »
Thank you for your replies !
I thought the pass rule is the one on step 2
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
The one for the LAN interface.
Is there another one that's missing ?
You are correct with the 192.168.1.0 network, indeed it's only used for testing and the odds are this might actually be the issue if the pass rule is already there.
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: SSL VPN
«
Reply #4 on:
December 09, 2017, 10:33:47 am »
There should be 1 rule added on the WAN to allow outside access to the VPN
1 rule added on the VNP interface to allow access to "ANY/ALL"
And your LAN should have already had an allow all rule.
If you did all that, it may be a conflict caused by that often used subnet.
Logged
zanga
Newbie
Posts: 14
Karma: 1
Re: SSL VPN
«
Reply #5 on:
December 10, 2017, 11:06:59 am »
I added the VPN access rule on the WAN ANY/ALL 1194
And on the VPN tab permit from the 10.10.0.0/24 to all
The guide doesn't mention anything on the LAN tab.
Also, for some reason I don't see that OpenVPN clients drop down.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
SSL VPN