Topic: Can connect to OpenVPN, but cannot reach any LAN clients (Read 2079 times)
blazte
Newbie
Posts: 4
Karma: 0
Can connect to OpenVPN, but cannot reach any LAN clients
«
on:
January 17, 2022, 05:12:03 pm »
Hi.
I have followed this guide "Setup SSL VPN Road Warrior" and can connect, but cannot reach any LAN clients.
LAN network: 10.1.1.0/24
VPN network: 10.4.4.0/24
Client network: 192.168.1.0/24
Client can connect to VPN and ping FW with 10.1.1.1 and 10.4.4.1, but cannot ping any LAN clients.
Any suggestions will be appreciated.
Screenshot is attached.
Version OPNsense 21.7.7-amd64
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #1 on:
January 17, 2022, 05:38:48 pm »
Is OPNsense the default gateway for your LAN clients?
Are you pushing the redirect-gateway option to your OpenVPN clients?
Logged
blazte
Newbie
Posts: 4
Karma: 0
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #2 on:
January 17, 2022, 05:56:56 pm »
OPNsense is the default gateway (10.1.1.1) for my LAN clients.
redirect-gateway is not pushed.
Here is my .ovpn file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
client
resolv-retry infinite
remote X 1194 udp
lport 0
verify-x509-name X
remote-cert-tls server
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
X
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
X
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
X
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
X
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #3 on:
January 17, 2022, 08:45:39 pm »
Do you have the 'redirect gateway' box ticked on the OpenVPN server tunnel settings?
Also try this on the client side:
redirect-gateway def1
Bart...
Logged
blazte
Newbie
Posts: 4
Karma: 0
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #4 on:
January 17, 2022, 09:56:03 pm »
redirect gateway is unchecked.
I have tried to add "redirect-gateway def1" to the .ovpn file and after this I get my gateway public IP, but I still cannot reach any LAN clients.
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #5 on:
January 17, 2022, 10:23:30 pm »
Do some packet traces on your VPN and LAN interfaces and confirm that packets pass from one to the other and if you see reply packets from your LAN clients.
Are you testing on IP address?
Bart...
Logged
blazte
Newbie
Posts: 4
Karma: 0
Re: Can connect to OpenVPN, but cannot reach any LAN clients
«
Reply #6 on:
January 18, 2022, 10:40:28 pm »
Yes, I am testing on IP-address.
I did a Packet Capture on all interfaces and could see the ping request.
I found out that I could ping Linux/Android LAN clients, but all Windows LAN clients were still unreachable.
After I added a Windows Firewall rule that allowed my VPN network scope (10.4.4.1-10.4.4.254), it worked.
I have used OpenVPN Server on different OSes like Ubuntu, OpenWRT, Synology, but I have never experienced that I needed to add a Windows Firewall rule on Windows clients to allow connections from the VPN network.
Thanks anyway for your time.
Logged
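Added example, not part of the original posts: a PowerShell sketch of the fix described in Reply #6, run in an elevated session on a Windows LAN client. It lists the address scope of the enabled inbound echo rules and then adds an allow rule limited to the thread's tunnel network and to ICMPv4 echo only. The rule name and the choice of profiles are assumptions made for this example.

```powershell
# Assumptions: tunnel network taken from the thread; rule name invented for this example.
$vpnNet   = '10.4.4.0/24'
$ruleName = 'Allow ICMPv4 echo from OpenVPN tunnel (example)'

# Firewall rules apply per profile, so first see which profile each connection uses.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# List enabled inbound echo-request rules with their remote-address scope.
# A scope of LocalSubnet matches 10.1.1.0/24 peers but not 10.4.4.0/24 VPN clients.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.DisplayName -like '*Echo Request*' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# Add the allow rule once, scoped to the tunnel network and to echo request (type 8).
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $vpnNet `
        -Profile Domain, Private
}

# Confirm the scope that was actually stored.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

This only covers the ping test; any other service that VPN clients need on the host requires its own rule, scoped to the same remote network.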