HELP!! OpenVPN can't access local server

Started by MiMarGa, April 03, 2020, 07:02:03 AM

I use OpenVPN to access my home network from outside, VPN has successfully connected to OPNSense, but why can't I access the data server at home?

IP openVPN
Local server IP that will be accessed

I have created a rule in OpenVPN according to the tutorial on

What client do you use? Is the routing correct? Some clients need to be run as Administrator on Windows to set the correct routes.

If that's not the problem, maybe your rules on the firewall are incorrect.

The complete forum is for help, no need to use capital letters in your subject. If it is urgent, try to order professional service from the vendor or other companies to assist you.
Twitter: banym

April 04, 2020, 04:31:33 PM #2 Last Edit: April 04, 2020, 04:51:35 PM by sepius
I can second this.
This is currently - beside the medieval options set; stuck in 2017 - my main concern.

Related to the problem MAY be "write UDP []: Network is unreachable (code101)"
But again, this could also be just related to the mobile uplink.

I tried to add additional interface but no can do. It should be a no brainer, as connect and Internet access works fine. But you can't reach internal services, even with an IP4 allow any to any on ALL (but the WAN) interfaces.
DNS listing on interface is also set. Only HAProxy configured, no fancy stuff.

Connection seems fine, except "Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4:register-dns (2.5_master)]".

All settings "default", client export used, nothing modified, no Advanced params.

Firewall logs show nothing, also VPN log on level 6 nothing unusual.

I migrated from XYsense as the last update went wrong. But seriously.. openVPN is a default app. I would bet it is a heavily used function. I feel like I am going from bad to worse with the openvpn in opnsense and nearly regret my move. Besides, I really would want to stay with opnsense, as it is more "sympathic" (and not from within a commercial company located in US) - but this... should just work and offer at least settings from 2018+.

Any help, where I can further look into the problem?

opnsense: libressl, latest stable version
clients: Android 10, latest OpenVpn, linux, latest (both stable)

Funny thing, I wanted to test it on my laptop, exported conf and... HMAC error on linux client, android works this way.
Realizing all the hiccups, I wonder if OpenVPN on opnsense is still maintained?
(sorry for the maybe cynical comment - but I invested the last days to rebuild my setup in opnsense and with this basic failing, I fear I wasted my time - never thought such a thing could be so... difficult and deprecated, and I have used senses for 8+ years)

April 04, 2020, 07:50:02 PM #3 Last Edit: April 04, 2020, 10:30:48 PM by banym
Well, I use several OPNsense installations with current and older versions and most of them are running OpenVPN.
If configured correctly it does work.
To get help here, others need to see your configuration and log error messages to help find the problem.

Please share screenshots of your configuration and firewall rules and log messages of OpenVPN server and client.
Twitter: banym

Quote from: banym on April 04, 2020, 07:50:02 PM
Well I use several OPNsense installations with current and older versions and most of them running OPNvpn.

Very important information

Quote from: banym on April 04, 2020, 07:50:02 PM
If configured correctly it does work.

Of course it does :).
Oh, wait, in complex systems and some IT systems, I heard of bugs and things alike. But yes, most bugs sit around 50cm in front of the monitor as we said 20 years ago in 2nd and 3rd level support. ;)

Quote from: banym on April 04, 2020, 07:50:02 PM
To get help here others need to see your configuration and log error messages to help to find the problem.
Please share screenshots of your configuration and firewall rules and log messages of OpenVPN server and client.

I'll get back to you with the screenshots. Do you mean the very short OpenVPN conf?
Firewall rules as written above "even with an IP4 allow any to any on ALL (but the WAN) interfaces." One rule, to rule them all (per interface) - it was a fresh installation, just the pre-latest version, updated shortly after install.

I had one special thing: VIP and forward to it. History showed me this is a more versatile setup, than using external
Screenshots will take some time, as I need the vpn and so I had to switch to my old poison ;)
Will virtualize it and screenshot.