Only ICMP through OpenVPN Road Warrior.

Started by Mantis314, June 04, 2021, 04:35:47 AM

I'm new to OpnSense.
I have OpnSense 21.1.6 on a Protectli appliance.
I have configured OpenVPN following the RoadWarrior documentation.
LAN subnet = 192.168.13.0/24
OpenVPN subnet/pool = 192.168.16.0/24
I am able to connect successfully and obtain an IP from the OpenVPN pool.
I can access the web interface for my OpnSense firewall.
If I run an Angry IP Scan of my LAN subnet, I can see all the devices on my LAN.
However, I am not able to access anything (other than my firewall) on my LAN via any service I have tried.
I have devices on 22, 80, 443, 3389 etc.
The Angry IP scan shows these ports open on the appropriate devices.
The OpnSense Firewall is 192.168.13.253 and is my default gateway for everything on the LAN.
From a PC on the LAN when I run a tracert to my laptop which is connected via OpenVPN, the trace shows OpnSense sending the traffic back to the OpenVPN client.

C:\Users\Admin>tracert 192.168.16.6

Tracing route to BW-WS1 [192.168.16.6]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.13.253
  2    51 ms    43 ms    45 ms  BW-WS1 [192.168.16.6]

Trace complete.

Here is a live log view of an attempt to access the web interface on an access point at 192.168.13.251 from a VPN client on 192.168.16.6 showing the traffic is allowed.

srcport,dstport=443
src,dst=192.168.13.251

Interface   Time             Source               Destination          Proto   Label
LAN         Jun 3 21:04:05   192.168.16.6:59481   192.168.13.251:443   tcp     let out anything from firewall host itself
LAN         Jun 3 21:04:05   192.168.16.6:59480   192.168.13.251:443   tcp     let out anything from firewall host itself
LAN         Jun 3 21:03:33   192.168.16.6:59459   192.168.13.251:443   tcp     let out anything from firewall host itself
LAN         Jun 3 21:03:33   192.168.16.6:59458   192.168.13.251:443   tcp     let out anything from firewall host itself

Why am I able to ping and scan but not do anything else?

BTW all this used to work with my old Sonicwall.
The only thing that has changed is the introduction of the OpnSense firewall.

Any thoughts on what I might be missing?

Thanks,

Bill

Hi Bill,

I had a similar issue which I traced to OpenVPN compression. Can you try and switch it off on both ends?

Bart...

Bart,

Yes, that was it!
While there was no option to disable compression, I set it to "No preference".
I tested it by opening an RDP session to a PC on the other end and it worked the first time.
I will likely play with the compression now that I know it was the issue.

You saved me a lot of frustration!

Thank You,

Bill
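
One way to check the compression setting discussed in this thread from exported config files, as an added example that is not part of the original posts: it compares the `comp-lzo` / `compress` directives in the server and client config text and reports when the two ends differ. The sample configs are constructed, and the function names and the rule that a pushed directive overrides the client's own are assumptions.

```python
import shlex

COMP_KEYS = {"comp-lzo", "compress"}  # OpenVPN directives that control compression

def _normalize(tokens):
    # A bare `comp-lzo` defaults to adaptive mode.
    return " ".join(tokens + ["adaptive"] if tokens == ["comp-lzo"] else tokens)

def compression_directives(config_text):
    """Return (local, pushed) compression directives found in an OpenVPN config."""
    local, pushed = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "push" and len(tokens) > 1:
            inner = tokens[1].split()
            if inner and inner[0] in COMP_KEYS:
                pushed.append(_normalize(inner))
        elif tokens[0] in COMP_KEYS:
            local.append(_normalize(tokens))
    return local, pushed

def compare_ends(server_text, client_text):
    """Return findings where the two ends would use different compression settings."""
    s_local, s_pushed = compression_directives(server_text)
    c_local, _ = compression_directives(client_text)
    server = s_local[-1] if s_local else "none"
    # Assumption: the client pulls options, so a pushed directive overrides its own.
    client = s_pushed[-1] if s_pushed else (c_local[-1] if c_local else "none")
    if server == client:
        return []
    return [f"compression differs: server '{server}', client '{client}'"]

# Constructed sample configs (not taken from the thread).
SERVER_SAMPLE = "dev tun\nserver 192.168.16.0 255.255.255.0\ncomp-lzo adaptive\n"
CLIENT_SAMPLE = "client\ndev tun\n# compression left unset on this end\n"

if __name__ == "__main__":
    for finding in compare_ends(SERVER_SAMPLE, CLIENT_SAMPLE):
        print(finding)
```

An empty result means the last compression directive on each end is the same; any finding is a setting to review on both sides.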