openconnect - NAT from LAN or other Network does not work

[sicuro0815]

Hi,

Unfortunately I have a problem with connections via Openconnect. The connection to VPN GW is established. A ping via GUI or CLI to a host behind the VPN GW is possible (SSH connection also goes from the OPNsense CLI. Only when I ping from a host on the LAN there is no response. First I typed NAT, but I have set it up. Firewall rules do not block too.

Hybrid outbound NAT rule generation
OpenConnect    any    *    OpenConnect net    *    Interface address    *    NO

I still see the packets via FW Live View both from the OPNsense CLI and from a host on the LAN.

ping successful without source specification (source in this case is the IP from the VPN tunnel)
tun30000      Mar 11 15:13:28   10.12.60.36   10.9.4.10   icmp   let out anything from firewall host itself

ping successful with source specification (source in this case is the LAN IP of OPNsense)
tun30000      Mar 11 15:15:32   192.168.178.1   10.9.4.10   icmp   let out anything from firewall host itself (force gw)

Ping not successful from a host on the LAN
tun30000      Mar 11 15:14:15   192.168.178.188   10.9.4.10   icmp   let out anything from firewall host itself

What am I doing wrong? Actually, I expected this to work with the NAT. Does anyone have any idea what it is or how to check the NAT settings via CLI to make sure they are set properly?

OPNsense 20.1.2-amd64
FreeBSD 11.2-RELEASE-p17-HBSD
OpenSSL 1.1.1d 10 Sep 2019

Regards
Sven

[mimugmail]

Screenshot of outbound nat please