Topic: Remote Access with OpenVPN, no replies from LAN in the tunnel (Read 2901 times)
random1104
Jr. Member
Posts: 79
Karma: 0
Remote Access with OpenVPN, no replies from LAN in the tunnel
« on: July 03, 2021, 05:22:42 am »
Hello, I've set up OPNsense with OpenVPN several times in the past, but this is the first time I see this (my last exercise was a long time ago and something might have changed).
This is a brand new install updated to 21.1.7_1, a VM on top of Proxmox serving as an OpenVPN Remote Access VPN server.
- I can get the client to connect
- Firewall rules allow traffic coming from the tunnel to the LAN
- Server in LAN sees the ICMP echo request from the VPN client
- Server sends ICMP echo reply (tcpdump on the server located in LAN)
- I can see incoming ICMP echo reply packets entering the firewall LAN interface
- I don't see outgoing ICMP echo reply packets in the tunnel (no outgoing replies from the firewall to the remote client).
- There are no firewall log entries or OpenVPN errors.
- Route table seems to be OK; I checked with tcpdump on the firewall for asymmetric replies (reply going to another interface), but found nothing.
Any idea about what could be missing? I've been checking and re-checking for the last 4 hours; any relevant hint is welcome.
Edit: adding diagram to better explain the scenario
« Last Edit: July 03, 2021, 04:39:08 pm by random1104 »
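The capture comparison described in the opening post, as an added example that is not part of the original thread: it parses `tcpdump -ni <iface> icmp` text output taken on the tunnel, LAN and any other interface, and reports the hop at which each ping stalls. The interface names (`ovpns1`, `vtnet1`, `vtnet0`), the addresses and the capture lines are constructed assumptions.

```python
import re

# Line format printed by `tcpdump -ni <iface> icmp`; any timestamp prefix is ignored.
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse_capture(text):
    """Return the set of (kind, src, dst, id, seq) tuples seen in one capture."""
    seen = set()
    for line in text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            seen.add((m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return seen

def trace_pings(captures, tunnel_if, lan_if):
    """For every echo request entering on tunnel_if, name the hop where it stalls."""
    seen = {name: parse_capture(text) for name, text in captures.items()}
    results = {}
    requests = sorted(p for p in seen[tunnel_if] if p[0] == "request")
    for _, src, dst, ident, seq in requests:
        request = ("request", src, dst, ident, seq)
        reply = ("reply", dst, src, ident, seq)
        # Interfaces other than tunnel/LAN where the reply shows up (asymmetric egress).
        others = [n for n in seen if n not in (tunnel_if, lan_if) and reply in seen[n]]
        if request not in seen[lan_if]:
            verdict = "request not forwarded to LAN"
        elif reply not in seen[lan_if]:
            verdict = "no reply from LAN host"
        elif reply in seen[tunnel_if]:
            verdict = "ok"
        elif others:
            verdict = "reply left via " + ",".join(sorted(others))
        else:
            verdict = "reply reached firewall but never left it"
        results[(src, dst, seq)] = verdict
    return results

# Constructed sample captures; interface names and addresses are assumptions.
CAPTURES = {
    "ovpns1": "13:22:42.100001 IP 10.8.0.6 > 192.168.1.10: ICMP echo request, id 4242, seq 1, length 64\n",
    "vtnet1": "13:22:42.100105 IP 10.8.0.6 > 192.168.1.10: ICMP echo request, id 4242, seq 1, length 64\n"
              "13:22:42.100540 IP 192.168.1.10 > 10.8.0.6: ICMP echo reply, id 4242, seq 1, length 64\n",
    "vtnet0": "",  # WAN capture: no stray replies
}

if __name__ == "__main__":
    print(trace_pings(CAPTURES, "ovpns1", "vtnet1"))
```

A verdict of "reply reached firewall but never left it" matches the symptom listed in the post: the reply enters on the LAN interface and appears on no egress interface.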
hloiter
Newbie
Posts: 36
Karma: 2
Re: Remote Access with OpenVPN, no replies from LAN in the tunnel
« Reply #1 on: July 03, 2021, 05:20:04 pm »
Hello,
I think you need a NAT Outbound rule.
Cheers
hloiter
random1104
Jr. Member
Posts: 79
Karma: 0
Re: Remote Access with OpenVPN, no replies from LAN in the tunnel
« Reply #2 on: July 03, 2021, 06:20:20 pm »
Thanks for the feedback. Part of the CARP-for-WAN setup included an outbound manual NAT for LAN using the public floating IP.
In case it was missing (doesn't seem to be the case), would it really affect the traffic going through the tunnel (clean routing is expected, without NAT inside the tunnel)?
random1104
Jr. Member
Posts: 79
Karma: 0
Re: Remote Access with OpenVPN, no replies from LAN in the tunnel
« Reply #3 on: July 09, 2021, 01:21:14 pm »
Solved this after several days of reviewing firewall, NAT and OpenVPN configurations again and again.
In the end, disabling the VPN gateway that was created automatically after assigning the interface for the tunnel fixed the issue for me, go figure.