Need Help to access wireless access Point after Opnsense Router via opnVPN

[EdK]

Hi,

My setup as below:

Internet ----> Opnsense 19.7.4 -------> Wireless AP (SSID: test)
LAN IP              192.168.2.1                       192.168.2.100

When I am using wifi on SSID test  i can access both 192.168.2.1 and 192.168.2.100

But once am outside and VPN in to the network  (using opnsense road warrior setup) I can only access 192.168.2.1 which is Opnsense but I can't reach 192.168.2.100.

When I VPN in, my connection status show am logged in having virutal IP is 10.10.0.6

I have set all the rules at WAN and LAN as indicated in the tuitorials and I even set  manual NAT outbound (interface: OpenVPN source network : 10.10.0.0/24 destination: Any Translation/Target : 192.168.2.0/24

[rene_]

Hello,

can you please post Screenshots from you outbound nat configuration?

Also your openvpn server and client config would be helpful (please remove critical lines, certificates and so on)

Also your routing table from the client, while connected to the vpn please.

Kind regards,
René

[bartjsmit]

Does your AP have a route to your tunnel network? The AP either has to use OPNsense as its default gateway or have a static route like 10.10.0.0/24 via 192.168.2.1

Bart...

[EdK]

Hello,

can you please post Screenshots from you outbound nat configuration?

Also your openvpn server and client config would be helpful (please remove critical lines, certificates and so on)

Also your routing table from the client, while connected to the vpn please.

Kind regards,
René

Please see attachment. Hope I got it correctly for your viewing

Please see attachment

[EdK]

Does your AP have a route to your tunnel network? The AP either has to use OPNsense as its default gateway or have a static route like 10.10.0.0/24 via 192.168.2.1

Bart...

I give the AP static IP address 192.168.2.100 on 192.168.2.0/24 subnet. I leave the gateway setting blank. Will try soon let and let you know.

[banym]

You need the opnsense as router or a static route. Otherwise the AP will not know how it can reach the client in the openvpn network.

[EdK]

Solved! put the gateway ip onto the AP.

I just need the Opnsense router to route not statics. So I guess I can remove the Nat Outbound rule yah?

[banym]

Yes, no special outbound NAT rule should be necessary for this usecase.