OPNsense Forum
Topic: 20.7.7_1 OpenVPN no longer routing to LAN (Read 3260 times)
Grossartig
« on: January 15, 2021, 01:15:31 am »
A few days back I upgraded from the previous build to 20.7.7_1-amd64. Since then, OpenVPN server no longer allows me to access any hosts on my local network. When connected to the VPN (I tried with two different Android devices), I can access anything on the Internet just fine, but when I try to connect to a host on my LAN using the IP address, it cannot connect.
Over the holidays, this all worked great and I was able to access hosts on my home network remotely for three weeks.
Is anyone aware of any breaking change that may have been introduced with the latest OPNsense version?
« Last Edit: January 15, 2021, 01:22:31 am by Grossartig »
thebraz
« Reply #1 on: January 15, 2021, 09:54:05 am »
Hello, I can say that an OpenVPN configured as in the OPNsense manual also works in the last version (I could connect and RDP into my remote PC without any problem); I used it yesterday too (you can see my last post for details if needed).
So it must be something specific to your configuration and I think a few more details about it will be needed in order to help you.
Best Wishes
Grossartig
« Reply #2 on: January 15, 2021, 02:55:48 pm »
Thank you for the response. I in fact have two OpenVPN servers running on my network, one on the OPNsense router itself (port 11194) and one on an Ubuntu 20.04 server that is on my LAN (port 1194, forwarded from OPNsense).
Both OpenVPN endpoints were working until a couple of weeks ago, meaning I was able to connect to either one, and then also reach all of the hosts on my LAN.
Now, no matter which OpenVPN endpoint I connect to, I cannot reach any of my LAN hosts (only Internet resources).
Since both OpenVPN connections are now suffering from the same routing problem (no access to LAN hosts), I assume there is some general routing issue that was introduced recently. However, I did not make any such configuration changes myself.
Here are additional details:
OPNsense router has internal IP address 192.168.5.1. All my other LAN hosts are 192.168.5.x.
OPNsense OpenVPN server is using network 10.7.0.0/24
Ubuntu OpenVPN server is using network 10.8.0.0/24
Ubuntu server itself has internal IP address 192.168.5.135
Under System > Routes > Configuration, I have two routes configured:
Network 10.8.0.0/24, Gateway 192.168.5.135 (Ubuntu OpenVPN route)
Network 10.7.0.0/24, Gateway 127.0.0.1 (OPNsense OpenVPN route)
OPNsense OpenVPN server configuration:
UDP 11194 tun on interface WAN
IPv4 Tunnel Network: 10.7.0.0/24
Redirect Gateway: OFF
IPv4 Local Network: 192.168.5.0/24
OPNsense Firewall configuration:
NAT > Port Forward: 1194 forwarded to 192.168.5.135 for Ubuntu OpenVPN server
Rules > OpenVPN: IPv4 all sources, ports and destinations allowed, nothing denied (this is for the OPNsense OVPN service)
Rules > WAN: IPV4+6 UDP destination WAN address local port 11194 completely open (for OPNsense OVPN service)
As I mentioned before, I have not touched this configuration in about a month, and it worked flawlessly for a long time. The only relevant change I remember having made to OPNsense is the upgrade to 20.7.7_1 recently. However, I did not test VPN functionality immediately after, so it's unclear if that triggered it or not.
I also haven't changed any of my OpenVPN server or client settings recently. And the issue can be observed on Android and Windows, without having made any change on those clients.
I also have already rebooted the OPNsense box itself, to rule out any transient issue.
Any further help is appreciated on how I can debug this.
Additional info, as I am going through the various settings pages of OPNsense:
Firewall > NAT > Outbound is set to Automatic. I don't really know what this does though and whether this is relevant in this context. I never changed this setting before.
« Last Edit: January 15, 2021, 05:40:54 pm by Grossartig »
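An added example (not part of any post in this thread, and not OPNsense code): a Python check over the values listed in Reply #2 that flags static routes worth reviewing and shows which destinations a connected client sends through the tunnel when Redirect Gateway is off, which is why reaching Internet hosts says nothing about the tunnel itself. Variable and function names are the example's own, it assumes a local OpenVPN server already routes its own tunnel network, and it does not establish the cause of the problem described here.

```python
import ipaddress as ip

# Values transcribed from Reply #2. Variable and function names are this example's own.
LAN = ip.ip_network("192.168.5.0/24")
CONNECTED = [LAN]                                  # networks the router is attached to
LOCAL_TUNNELS = {"OPNsense OpenVPN": ip.ip_network("10.7.0.0/24")}
STATIC_ROUTES = [                                  # System > Routes > Configuration
    (ip.ip_network("10.8.0.0/24"), ip.ip_address("192.168.5.135")),
    (ip.ip_network("10.7.0.0/24"), ip.ip_address("127.0.0.1")),
]
PUSHED_ROUTES = [LAN]                              # "IPv4 Local Network"
REDIRECT_GATEWAY = False                           # "Redirect Gateway: OFF"


def audit_static_routes(routes=STATIC_ROUTES):
    """Return (network, gateway, finding) tuples for routes worth reviewing."""
    findings = []
    for net, gw in routes:
        if gw.is_loopback:
            findings.append((str(net), str(gw), "gateway is loopback, not a next hop"))
        elif not any(gw in c for c in CONNECTED):
            findings.append((str(net), str(gw), "gateway not on a connected network"))
        for name, tunnel in LOCAL_TUNNELS.items():
            # Assumption: the local server already routes its own tunnel network.
            if net.overlaps(tunnel):
                findings.append((str(net), str(gw), f"duplicates tunnel of {name}"))
    return findings


def client_path(dest, tunnel=LOCAL_TUNNELS["OPNsense OpenVPN"]):
    """Where a connected client sends a packet for dest: 'tunnel' or 'own uplink'."""
    addr = ip.ip_address(dest)
    if REDIRECT_GATEWAY or addr in tunnel or any(addr in n for n in PUSHED_ROUTES):
        return "tunnel"
    return "own uplink"


if __name__ == "__main__":
    for net, gw, finding in audit_static_routes():
        print(f"route {net} via {gw}: {finding}")
    # 203.0.113.10 is a constructed documentation address standing in for an Internet host.
    for dest in ("192.168.5.135", "10.7.0.1", "203.0.113.10"):
        print(f"{dest:>15} -> {client_path(dest)}")
```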
Grossartig
« Reply #3 on: January 15, 2021, 07:12:37 pm »
I may have found a workaround that seems to fix LAN connectivity from my OPNsense OpenVPN server:
In the OpenVPN Server configuration, I enabled "Topology" in the "Client Settings" section. This setting was previously disabled.
I am flabbergasted -- is this a new setting that was recently introduced, or was a change recently made that requires me to enable this setting?