Problem Connect OpenVPN Behind Router

[achocolada]

Hi everyone,

I have problem to connect OpenVPN which is installed on the OPNsense located behind the internet router. The topology is as follows:
Internet Routet(Mikrotik) ----> OPNsense ---> LAN

I've already added NAT rule on the Router to forward port 1194 to the OPNsense's IP, but the OpenVPN still doesn't connect. When I OpenVPN from the OPNsense local IP address it just works, means that no problem the VPN server configuration.

Are you guys have the solutions for this? thank you :)

[bartjsmit]

Does the tunnel endpoint have a route to LAN via OPNsense?

If there isn't, you'll have to do outbound NAT for OpenVPN in OPNsense

[FraLem]

Check firewall rules on the WAN interface accordingly. I guess that by "NAT Rule"you mean port forward, right? 

[achocolada]

Does the tunnel endpoint have a route to LAN via OPNsense?

If there isn't, you'll have to do outbound NAT for OpenVPN in OPNsense

In the future I will need to add route from OpenVPN client to the LAN segment, but for this time there is no route yet.

I checkek on the Outboud NAT, and there is no automatic rule generated.
On the Outbound NAT, there are 4 options and the current is automatic NAT generation.
So, did you mean I have to add manual outbound NAT rules ?

[achocolada]

Check firewall rules on the WAN interface accordingly. I guess that by "NAT Rule"you mean port forward, right?

I already recheck the firewall rules on mikrotik but still the same. Likely, the issue is on the OPNsense config, but dont know where :(

[bartjsmit]

I checkek on the Outboud NAT, and there is no automatic rule generated.
On the Outbound NAT, there are 4 options and the current is automatic NAT generation.
So, did you mean I have to add manual outbound NAT rules ?

Yes, or hybrid - they will have the same effect since there is no automatic rule

[achocolada]

unfortunately I couldn't resolve this problem, so I decided to reset to default :(
thank you guys.