Topic: <SOLVED> OpenVPN remote client access to another LAN (Read 1677 times)
JDH
Newbie
Posts: 4
Karma: 1
<SOLVED> OpenVPN remote client access to another LAN
«
on:
September 07, 2022, 12:19:01 am »
I have two locations, both running ver 21.1.8_1, connected by an SSL VPN L2L tunnel with traffic passing correctly between both sides.
On the server side of the tunnel I have set up remote access via TOTP SSL and am able to log in and access servers, printers etc. However, I am not able to pass traffic to the client side of the L2L tunnel.
I have added the LAN network address of the client side to the "IPV4 Local network" section, separated by comma, from the LAN address of the server side of the tunnel. (btw is there a space after the comma?)
However, I'm pretty sure that I need to add a firewall rule on the client side of the tunnel to allow traffic from the address of my VPN client ...?
Any help will be much appreciated.
Thanks.
«
Last Edit: September 18, 2022, 02:04:22 am by JDH
»
Logged
superfox
Newbie
Posts: 23
Karma: 0
Re: OpenVPN remote client access to another LAN
«
Reply #1 on:
September 12, 2022, 04:35:04 pm »
Maybe a little map could help here, using your terms. Please complete... :-)
[loc-01_client-network]
|
[location-01-opnsense_vpn-server]
|
|
|
[location-02-opnsense_vpn-client]
|
[loc-02_client-network]
On [loc-02_client-network] you are now able to access servers, printers etc. in [loc-01_client-network]. But the opposite direction does not work?
Logged
JDH
Newbie
Posts: 4
Karma: 1
Re: OpenVPN remote client access to another LAN
«
Reply #2 on:
September 16, 2022, 01:13:23 am »
Superfox, here is the diagram:
SITE A ---this is the server side of the tunnel:
WAN -- public IP provided by ISP
LAN -- 10.1.1.0/24
TUNNEL --10.1.10.0/24
SITE B -- this is the client side of the tunnel
WAN -- public IP provided by ISP
LAN -- 10.1.2.0/24
TUNNEL -- 10.1.10.0/24
REMOTE VPN NETWORK -- 192.168.50.0/24
Using Viscosity client and connecting to SITE A
I have full connectivity to site A but cannot reach site B.
On the config page for the vpn remote connection I have set both LAN networks, comma separated, to be local networks. The remote network box is blank.
On site B I have created a firewall rule to allow 192.168.50/24 traffic IN.
I believe a route has to be created on site B so that it knows how to reach 192.168.50.0/24 but when I try to create it there is no OVPN interface in the drop-down, only WAN and LAN.
Do I need to add 192.168.50.0/24 as a remote network in the tunnel client config page on site B?
Any insight you can provide will be much appreciated!
Logged
JDH
Newbie
Posts: 4
Karma: 1
Re: OpenVPN remote client access to another LAN
«
Reply #3 on:
September 18, 2022, 02:00:34 am »
> I believe a route has to be created on site B so that it knows how to reach 192.168.50.0/24 but when I try to create it there is no OVPN interface in the drop-down, only WAN and LAN.
> Do I need to add 192.168.50.0/24 as a remote network in the tunnel client config page on site B?
This was exactly the case --- there was no route back to my remote LAN from site B. As soon as I added my remote client network 192.168.50.0/24 as a remote network in the tunnel client config on Site B the problem was solved.
Hope this will be helpful to anyone else having the same issue.
«
Last Edit: September 18, 2022, 02:08:05 am by JDH
»
Logged
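The missing return route from Reply #3, modelled as an added example that is not part of the original posts: it traces the request path and the reply path separately through simplified routing tables for Site A and Site B. The host addresses, the default route to WAN, and the assumption that Site B's tunnel client initially listed only 10.1.1.0/24 as a remote network are constructed for illustration; the 10.1.10.0/24 tunnel network is left out of the model.

```python
import ipaddress

def tables(site_b_remote_networks):
    """Per-router routes (network -> next hop); 'local' means directly attached."""
    site_a = {"10.1.1.0/24": "local",        # Site A LAN
              "192.168.50.0/24": "local",    # remote-access clients terminate here
              "10.1.2.0/24": "site_b",       # Site B LAN via the L2L tunnel
              "0.0.0.0/0": "wan"}
    site_b = {"10.1.2.0/24": "local", "0.0.0.0/0": "wan"}
    # "Remote network" entries on Site B's tunnel client become routes to Site A.
    site_b.update({net: "site_a" for net in site_b_remote_networks})
    return {"site_a": site_a, "site_b": site_b}

def next_hop(table, ip):
    """Longest-prefix match, as a router would do."""
    addr = ipaddress.ip_address(ip)
    nets = [n for n in table if addr in ipaddress.ip_network(n)]
    return table[max(nets, key=lambda n: ipaddress.ip_network(n).prefixlen)]

def trace(tabs, router, dst_ip, max_hops=8):
    """Follow next hops from router; return (path, delivered)."""
    path = [router]
    for _ in range(max_hops):
        hop = next_hop(tabs[path[-1]], dst_ip)
        if hop == "local":
            return path, True
        path.append(hop)
        if hop not in tabs:      # left the modelled network, e.g. out the WAN
            return path, False
    return path, False

def round_trip(tabs, client_ip, entry_router, target_ip):
    """Check the request path and the reply path separately."""
    fwd, ok = trace(tabs, entry_router, target_ip)
    if not ok:
        return {"forward": fwd, "return": None, "ok": False}
    ret, ok = trace(tabs, fwd[-1], client_ip)
    return {"forward": fwd, "return": ret, "ok": ok}

if __name__ == "__main__":
    client, target = "192.168.50.10", "10.1.2.20"   # constructed hosts
    for remote in (["10.1.1.0/24"], ["10.1.1.0/24", "192.168.50.0/24"]):
        print(remote, round_trip(tables(remote), client, "site_a", target))
```

In the first case the request reaches Site B but the reply follows the default route out the WAN, which is why a firewall rule on Site B alone did not help.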
JDH
Newbie
Posts: 4
Karma: 1
<SOLVED>Re: OpenVPN remote client access to another LAN
«
Reply #4 on:
September 18, 2022, 02:02:57 am »
<>
Logged