OpenVPN cannot access LAN

[geekraver]

I see a lot of similar posts with this topic but nothing that is obviously useful. I followed the road warrior setup for iOS, and like others, the VPN connects, but I can't access my LAN over the VPN. My attempts to do so are being blocked by the 'floating rule'  'Default deny/state violation rule'.

Under the firewall rules for OpenVPN I have a 'pass' rule set up to allow 'in' (I tried 'out' too just in case), with interface OpenVPN, source OpenVPN Net, destination LAN Net, which I would have thought would match but doesn't.

I'm using 10.0.0/24 for OpenVPN and my LAN is 192.168.1.0/24, not that I think those details matter. I do have one non-VPN rule on the WAN to allow HTTPS traffic through to an internal host, but I don't think that should affect things.

Happy to provide any other info to try diagnose what's going on here.

[bartjsmit]

Configure your .ovpn configuration on a full fat client and confirm you can connect. Then run a traceroute from that client and confirm that traffic for 192.168.1.0/24 goes out via 10.0.0.0/24.

If you can only configure on your phone, run a packet capture on OPNsense and confirm that it sees the packets from your phone.

Bart...

[geekraver]

Hi Bart, I will try do this later today when I am away from home. I did run a traceroute on my iPad and found that it was trying to send to an IPv6 address, despite me setting OpenVPN client to use IPv4, and the same on the firewall.

[bartjsmit]

That sounds like you're testing with the FQDN of a LAN host. Try the IPv4 address first, even though it couldn't possibly be DNS 

https://www.cyberciti.biz/media/new/cms/2017/04/dns.jpg

Bart...