OpenVPN change Tun to TAP in OPNsense VM (debian host)

Started by TooTired, September 06, 2024, 02:59:25 PM

Hi everybody!

I have installed OPNsense inside a VM and configured an OpenVPN server. My client computers can connect successfully using the TUN interface and access the internet. I need access to other resources on the host computers' network, so I need a TAP interface. I have changed the interface from TUN to TAP and my clients can connect through the VPN; however, they are unable to ping other devices on the host computers' network.

I suspect that I am having a lot of difficulty because I have not properly configured either firewall or routing rules using OPNsense. I think that the trouble I have is moving away from editing simple server.conf and iptables (simple text files) to driving the OPNsense nice-looking graphical interface. I could not find any examples of how to configure it, and it is a lot more challenging to use than looking at a simple server.conf file and writing forwarding rules to iptables.

Could anyone provide an example of the firewall rules and iptables using the graphical interface?

I feel like it would be a big enhancement if OPNsense would load the server.conf and iptables routes inside a large text input object so I could read my full configuration and edit it using the existing web forms.

Thank you for any suggestions!

Quote from: TooTired on September 06, 2024, 02:59:25 PM
I need access to other resources on the host computers' network so I need a TAP interface.

Not really sure why you need TAP for this.

If my text drawing will not shift, then this is what I am trying to do.

WWW ------  Router -------- eth0 -------- Debian (host) -------\
                     Router ---- different server on Deb host--- \     \
WWW Client ---- Router (port forward) ---- br0 (eth1) ---- OPNsense VM --- OpenVPN

I need the VPN client to be able to access a separate server locally hosted on the Debian host. My understanding is that this cannot be done using interface TUN but it can be done using interface TAP. I have done this in the past successfully with a Samba shared network drive.

If I can do this on TUN then I would love to understand how.