OpenVPN Road Warrior to self-hosted services on LAN problems

Started by wnctech, June 24, 2021, 07:08:16 PM

Did the road warrior OpenVPN setup using OPNsense's wiki. I can connect to my OPNsense box via OpenVPN on my iPhone as well as my laptop or my Chromebook while on the road.

Once connected on the VPN, however, I can't access any resource on my inside LAN other than those services or servers that use ports 80/443 (i.e. my UniFi Controller, which is on port 8443, my Portainer installation at port 9000, etc.). I can ping all the internal hosts from my VPN client, but that's about it.

As far as my firewall rules go, I think they are all in check. I have no problems accessing my OPNsense FW GUI via the VPN; however, nothing else is reachable on ports other than 80/443. Can anybody give me some advice on what to check? I don't see anything odd in the firewall logs, and it looks as if the internal client is responding to my VPN client on the road but the traffic isn't making it back.

Also, I have OPNsense/OpenVPN set to redirect all incoming traffic from connected clients through OPNsense to the internet service on site at the OPNsense firewall. The clients still all pull web traffic through their non-VPN'd connection/IP address. I never had all these issues on my previous firewall distribution.

As an aside, I run OPNsense on a Proxmox VM, as I did when I used pfSense in production on the same network. I have any kind of cross-network/firewall blocking disabled on the interfaces in use.

Any help is appreciated!

Maybe provide a traceroute from both sides so we can see what's happening.
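As an added diagnostic script (not posted by either participant), the following runs from the VPN client while the tunnel is up and separates the three symptoms described above: ICMP reachability, per-port TCP reachability (80/443 versus 8443/9000), and the path the packets take. The LAN hosts and ports in the list are constructed placeholders and must be replaced with the real internal addresses; `diagnose` is a pure function that maps the observed pattern to the thing to check next.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Usage: bash vpn_lan_check.sh run
# Placeholder targets (constructed); replace with your own LAN hosts/ports.
TARGETS="192.0.2.10:443 192.0.2.10:8443 192.0.2.20:9000"

# ping_check HOST -> "ok" or "fail" (one ICMP echo, 2 s wait)
ping_check() {
  if ping -c 1 -W 2 "$1" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# tcp_check HOST PORT -> "open" or "closed"; uses bash's /dev/tcp so no nc is needed
tcp_check() {
  if timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; then
    echo open
  else
    echo closed
  fi
}

# diagnose PING P443 P8443 -> "code: what to check", pure so it can be unit-tested
# PING is ok|fail, P443 and P8443 are open|closed for the same LAN host.
diagnose() {
  ping=$1; p443=$2; p8443=$3
  if [ "$ping" = fail ]; then
    echo "no-route: LAN unreachable over the tunnel; check the OpenVPN Local Network push and the LAN side's return route to the tunnel subnet"
  elif [ "$p443" = open ] && [ "$p8443" = closed ]; then
    echo "port-filter: 443 passes but 8443 does not on the same host, so the return path works; check the OpenVPN interface firewall rules for a port restriction, the service host's own firewall, and which interface the service listens on"
  elif [ "$p443" = closed ] && [ "$p8443" = closed ]; then
    echo "asymmetric-return: ICMP passes but TCP fails; compare traceroute from both sides for a reply path that bypasses the firewall"
  else
    echo "ok: checked ports reachable"
  fi
}

# run_checks -> prints one line per target, then the route and path for the first host
run_checks() {
  first_host=${TARGETS%%:*}
  echo "ping $first_host: $(ping_check "$first_host")"
  for t in $TARGETS; do
    echo "tcp $t: $(tcp_check "${t%%:*}" "${t##*:}")"
  done
  # Shows whether the default route points into the tunnel (redirect-gateway symptom)
  ip route get 1.1.1.1 2>/dev/null || echo "ip route get unavailable on this client"
  command -v traceroute >/dev/null && traceroute -n -m 8 "$first_host"
}

[ "$1" = run ] && run_checks
```

Run the same traceroute from a LAN host back to the client's tunnel address, as the reply above asks for; if that path does not pass through the firewall's OpenVPN interface, the replies are being routed around it, which matches the "responding but not making it back" observation in the original post.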