[SOLVED] Firewall rules to allow OpenVPN access to my LAN

Started by neek, March 31, 2022, 07:38:41 PM

I'm a relatively new convert from pfSense to opnsense. I've been happy with it, but I'm still unsure how to get my firewall rules configured correctly.

First, when I navigate to Firewall -> Rules, I have a ruleset for "OPENVPN" and a second ruleset for "OpenVPN". Is this correct? The all-caps one is from the Interface that I created that maps to "ovpns1". I'm unsure what the ruleset for "OpenVPN" came from, nor how/if to delete it.

Both of these rule sets are empty, except for some default rules on the OPENVPN for blocking bogon networks. When I connect to the VPN, I find that I can't even connect to the VPN's gateway (192.168.x.1) to get to opnsense. It feels like it's a firewall block, since the telnet command gets hung.

Is there some obvious thing I'm missing? Thanks much.

I've put a few screenshots showing the interfaces, the VPN rules, and the firewall logs, at this link. https://imgur.com/a/98vZ7nX

EDIT: I figured out what's wrong. I needed to set up the VPN server to listen on Interface "WAN" instead of Interface "any".

bumping this with the hope that anyone has ideas?

April 06, 2022, 04:33:47 AM #2 Last Edit: April 06, 2022, 04:40:58 AM by spider
Hi

I have these rules


I don't think you need to create an interface for an OpenVPN server.

There is more documentation at https://docs.opnsense.org/manual/vpnet.html#openvpn-ssl-vpn

cheers
-spider

Thanks. I realized I created that interface for VPN when I was trying to look at the live firewall log and wanted to watch all traffic on the interface. I deleted it and still don't seem to be able to reach the intranet, though the VPN seems intact.

While I'm not using OpenVPN now, I remember using a guide back then to make it work. Maybe this full guide helps you.
https://homenetworkguy.com/how-to/configure-openvpn-opnsense/
Deciso DEC850v2

Ok I've figured it out. I had the OpenVPN server set to listen on Interface "any". It needs to listen on Interface "WAN". D'oh!

thanks all!
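The thread's question is why VPN clients could not reach the LAN with an empty OPENVPN ruleset, and the answer turned out to be the server's listen interface rather than the rules. The following added example (not from the thread or from OPNsense) models the rule side of that question: OPNsense interface rules are evaluated top-down, first match wins, and anything unmatched falls to the implicit default deny. Interface names (`ovpns1`, `lan`), the tunnel and LAN ranges, and the bogon list are constructed assumptions. It shows that an empty ruleset blocks a client's traffic to the LAN gateway, that an explicit pass rule on the OpenVPN interface allows it, and that the same pass rule attached to the wrong interface does nothing, because VPN client packets enter the firewall on the OpenVPN interface.

```python
"""Model of first-match firewall rule evaluation on an OpenVPN interface.
Constructed example: interface names, addresses and rules are assumptions,
not taken from any real OPNsense configuration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    iface: str           # interface the packet arrives on, e.g. "ovpns1"
    src: IPv4Network
    dst: IPv4Network
    label: str


def rule(action, iface, src, dst, label):
    return Rule(action, iface, ip_network(src), ip_network(dst), label)


# Constructed stand-in for the automatic "block bogon networks" rules:
# a couple of reserved ranges that should never be a source on a VPN link.
BOGON_RULES = [
    rule("block", "ovpns1", "0.0.0.0/8", "0.0.0.0/0", "bogon 0.0.0.0/8"),
    rule("block", "ovpns1", "240.0.0.0/4", "0.0.0.0/0", "bogon 240.0.0.0/4"),
]

# Assumed addressing: VPN tunnel 10.8.0.0/24, LAN 192.168.1.0/24, gateway .1
TUNNEL = "10.8.0.0/24"
LAN = "192.168.1.0/24"

# Ruleset as the original poster described it: only the automatic bogon rules.
EMPTY_RULESET = list(BOGON_RULES)

# Ruleset with an explicit allow from tunnel clients to the LAN.
LAN_RULESET = BOGON_RULES + [
    rule("pass", "ovpns1", TUNNEL, LAN, "allow VPN clients to LAN"),
]

# The same pass rule attached to "lan": VPN client packets arrive on ovpns1,
# so a rule on the lan interface never sees them.
WRONG_IFACE_RULESET = BOGON_RULES + [
    rule("pass", "lan", TUNNEL, LAN, "allow VPN clients to LAN (on lan)"),
]


def evaluate(rules, iface, src, dst):
    """Return (action, label) of the first rule matching a packet that
    arrives on `iface` from `src` to `dst`. No match means the implicit
    default deny applies."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r.iface == iface and s in r.src and d in r.dst:
            return r.action, r.label
    return "block", "default deny"


if __name__ == "__main__":
    for name, rs in [("empty", EMPTY_RULESET),
                     ("lan pass", LAN_RULESET),
                     ("wrong iface", WRONG_IFACE_RULESET)]:
        print(f"{name:12s}", evaluate(rs, "ovpns1", "10.8.0.2", "192.168.1.1"))
```

The pass rule is deliberately narrow (tunnel subnet to LAN subnet only); a client trying to reach an address outside the LAN still hits the default deny, which is the behaviour to keep rather than a blanket "any to any" rule on the VPN interface. And as the thread shows, rules are evaluated only on packets that actually reach the firewall, so a server listening on the wrong interface has to be fixed before the ruleset matters.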