traffic between vlan clients stops when client starts his local vpn client

Started by cat, April 10, 2023, 07:49:44 AM

wan <--> opnsense (vpn_gw) <--------> VLAN20 --- desktop
                                                     \ ----> VLAN60 --- server1 (openvpn client)

This is my first opnsense setup and I'm struggling with the routing configuration.
The server on vlan60 is reachable from vlan20.
The moment server1 starts its own openvpn client the routes change and I cannot reach it from vlan20, though desktops in vlan60 are able to reach it.
I need help, my attempts with single gw and routes config were futile.  :'(


openvpn client stopped (server reachable from any allowed local client)
root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0

openvpn client running (only reachable from vlan60)
root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
143.244.41.17   10.10.60.1      255.255.255.255 UGH   0      0        0 eth0
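Added example (editor's note, not part of the original post): the two route tables above decide the outcome, because the kernel picks the longest matching prefix. With the client stopped, a reply from server1 to a VLAN20 desktop follows the /0 default via 10.10.60.1 on eth0. With the client running, OpenVPN's pushed 0.0.0.0/1 and 128.0.0.0/1 routes via tun0 are more specific than that /0, so the reply leaves through the tunnel and never reaches VLAN20; hosts on 10.10.60.0/24 still work because the on-link /24 is longer than /1. The script below replays that lookup over constructed copies of the posted tables. It assumes VLAN20 is 10.10.20.0/24 (the thread never gives the subnet) and, as a third table, shows one client-side fix the thread does not state: a static route for that subnet via the VLAN60 gateway.

```shell
#!/bin/sh
# Added example (not from the thread): longest-prefix-match lookup over the
# 'route -n' tables posted above, to show which interface and gateway server1
# would use for a reply to a given address. The VLAN20 subnet 10.10.20.0/24 is
# an assumption; the post never gives it.
set -eu

# Constructed copy of the poster's table with the OpenVPN client stopped.
# Columns: Destination Gateway Genmask Iface
ROUTES_VPN_DOWN="
0.0.0.0 10.10.60.1 0.0.0.0 eth0
10.10.60.0 0.0.0.0 255.255.255.0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 eth0
"

# Constructed copy of the poster's table with the OpenVPN client running.
# The two /1 routes (0.0.0.0/1 and 128.0.0.0/1) via tun0 are more specific
# than the /0 default via eth0, so they win for everything not covered by a
# longer prefix.
ROUTES_VPN_UP="
0.0.0.0 10.8.0.1 128.0.0.0 tun0
0.0.0.0 10.10.60.1 0.0.0.0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 tun0
10.10.60.0 0.0.0.0 255.255.255.0 eth0
10.10.60.1 0.0.0.0 255.255.255.255 eth0
128.0.0.0 10.8.0.1 128.0.0.0 tun0
143.244.41.17 10.10.60.1 255.255.255.255 eth0
"

# Same table plus a static route back to the (assumed) VLAN20 subnet via the
# VLAN60 gateway: the client-side fix this example proposes, not something
# the thread states.
ROUTES_VPN_FIXED="${ROUTES_VPN_UP}10.10.20.0 10.10.60.1 255.255.255.0 eth0
"

# Dotted quad -> 32-bit integer. Runs in a subshell so changing IFS is local.
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Number of one bits in a dotted netmask (its prefix length).
prefixlen() (
  pm=$(ip2int "$1"); pn=0
  while [ "$pm" -ne 0 ]; do
    pn=$(( pn + (pm & 1) )); pm=$(( pm >> 1 ))
  done
  echo "$pn"
)

# route_lookup DEST TABLE -> "IFACE GATEWAY" of the longest matching prefix,
# which is the route the kernel picks (metric only breaks exact ties).
route_lookup() {
  d=$(ip2int "$1")
  printf '%s\n' "$2" | {
    best=-1; best_line=""
    while read -r net gw mask iface; do
      [ -n "$net" ] || continue
      m=$(ip2int "$mask")
      if [ $(( d & m )) -eq $(( $(ip2int "$net") & m )) ]; then
        n=$(prefixlen "$mask")
        if [ "$n" -gt "$best" ]; then best=$n; best_line="$iface $gw"; fi
      fi
    done
    echo "$best_line"
  }
}

# Replies to a VLAN20 desktop versus a VLAN60 neighbour under each table.
for t in DOWN UP FIXED; do
  eval "table=\$ROUTES_VPN_$t"
  printf 'vpn %-5s reply to 10.10.20.5 -> %s ; to 10.10.60.7 -> %s\n' \
    "$t" "$(route_lookup 10.10.20.5 "$table")" "$(route_lookup 10.10.60.7 "$table")"
done
```

The same effect as the FIXED table comes from a `route 10.10.20.0 255.255.255.0 10.10.60.1` line in server1's OpenVPN client config, or from `route-nopull` if the pushed defaults are not wanted at all; the other common approach, on the OPNsense side, is outbound NAT on the VLAN60 interface so VLAN20 traffic arrives from 10.10.60.1, which the on-link 10.10.60.0/24 route already covers. Which one fits depends on whether the VPN must carry server1's other traffic.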


Why in the world is server1 an openvpn client? Anyway, once you are in VPN mode the locals and other routes should not be able to see or communicate, otherwise what's the purpose of the VPN. :D

The locals on the same vlan can reach the vpn client even when the openvpn is running.
I just would like to know how to configure opnsense to allow me to reach the vpn client from another vlan.