OPNsense Forum » English Forums » Virtual private networks » Only ICMP through OpenVPN Road Warrior.
Topic: Only ICMP through OpenVPN Road Warrior. (Read 1432 times)
Mantis314 « on: June 04, 2021, 04:35:47 am »
I'm new to OPNsense.
I have OPNsense 21.1.6 on a Protectli appliance.
I have configured OpenVPN following the Road Warrior documentation.
LAN subnet = 192.168.13.0/24
OpenVPN subnet/pool = 192.168.16.0/24
I am able to connect successfully and obtain an IP from the OpenVPN pool.
I can access the web interface for my OPNsense firewall.
If I run an Angry IP Scan of my LAN subnet, I can see all the devices on my LAN.
However, I am not able to access anything (other than my firewall) on my LAN via any service I have tried.
I have devices on 22, 80, 443, 3389 etc.
The Angry IP scan shows these ports open on the appropriate devices.
The OPNsense firewall is 192.168.13.253 and is my default gateway for everything on the LAN.
From a PC on the LAN when I run a tracert to my laptop which is connected via OpenVPN, the trace shows OpnSense sending the traffic back to the OpenVPN client.
C:\Users\Admin>tracert 192.168.16.6
Tracing route to BW-WS1 [192.168.16.6]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.13.253
2 51 ms 43 ms 45 ms BW-WS1 [192.168.16.6]
Trace complete.
Here is a live log view of an attempt to access the web interface on an access point at 192.168.13.251 from a VPN client on 192.168.16.6 showing the traffic is allowed.
srcport,dstport=443src,dst=192.168.13.251
Interface Time Source Destination Proto Label
LAN Jun 3 21:04:05 192.168.16.6:59481 192.168.13.251:443 tcp let out anything from firewall host itself
LAN Jun 3 21:04:05 192.168.16.6:59480 192.168.13.251:443 tcp let out anything from firewall host itself
LAN Jun 3 21:03:33 192.168.16.6:59459 192.168.13.251:443 tcp let out anything from firewall host itself
LAN Jun 3 21:03:33 192.168.16.6:59458 192.168.13.251:443 tcp let out anything from firewall host itself
Why am I able to ping and scan but not do anything else?
BTW all this used to work with my old Sonicwall.
The only thing that has changed is the introduction of the OPNsense firewall.
Any thoughts on what I might be missing?
Thanks,
Bill
bartjsmit « Reply #1 on: June 04, 2021, 07:57:38 am »
Hi Bill,
I had a similar issue which I traced to OpenVPN compression. Can you try and switch it off on both ends?
Bart...
Mantis314 « Reply #2 on: June 04, 2021, 02:57:32 pm »
Bart,
Yes, that was it!
While there was no option to disable compression, I set it to "No preference".
I tested it by opening an RDP session to a PC on the other end and it worked the first time.
I will likely play with the compression now that I know it was the issue.
You saved me a lot of frustration!
Thank You,
Bill
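Added example, not part of the thread and not OPNsense code: a small Python check for the cause identified above, comparing the local compression directives (`comp-lzo`, `compress`) in the server and client OpenVPN configs. The sample configs, the hostname and the function names are constructed for illustration, and options delivered to the client via `push` are not evaluated.

```python
import re

# Directives that turn on OpenVPN compression framing on the data channel.
# Note "comp-lzo no" still counts: it disables compression but keeps the framing.
FRAMING_DIRECTIVES = ("comp-lzo", "compress")

def framing_settings(config_text):
    """Return the set of (directive, argument) pairs found in one config."""
    settings = set()
    for raw in config_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # strip comments
        if line and line[0] in FRAMING_DIRECTIVES:
            settings.add((line[0], line[1] if len(line) > 1 else ""))
    return settings

def compare_framing(server_text, client_text):
    """Classify how the two ends' local compression settings relate."""
    server = framing_settings(server_text)
    client = framing_settings(client_text)
    if not server and not client:
        return "off-both-ends"
    if bool(server) != bool(client):
        return "one-end-only"  # one side frames packets, the other does not
    return "same" if server == client else "differs"

# Constructed sample configs (not taken from the thread).
SERVER_CONF = """\
dev ovpns1
proto udp4
server 192.168.16.0 255.255.255.0
push "route 192.168.13.0 255.255.255.0"
comp-lzo adaptive
"""
CLIENT_CONF = """\
client
dev tun
remote vpn.example.test 1194 udp
# comp-lzo adaptive   (commented out, so no framing on this end)
"""

if __name__ == "__main__":
    print(compare_framing(SERVER_CONF, CLIENT_CONF))
```

A result of `one-end-only` or `differs` is the cue to align the compression setting on both ends, as suggested in Reply #1.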