<SOLVED> vpn connection but no remote lan resources available

Started by jmcgon, September 14, 2022, 05:51:09 PM

opnsense 2.7.4 running on Protectli Vault FW4b.

Followed the Road Warrior doc and have successfully connected using Viscosity vpn client. But now I can't seem to figure out how to access LAN resources. I want to be able to connect to a file server for file access and management and I want to be able to access the Protectli Vault for management.

I thought that all the ip traffic from the remote client would be directed through the vpn connection, but the reality is different.  Traffic still traverses to the isp outside the ssl vpn tunnel.  What did I miss?  How do I make the remote client machine only use the vpn when it is connected?

In reality I am only connected to the WAN interface. In the setup I remember setting the LAN the clients are accessing in the configuration, but I don't see that 192.168.x.x address?

Viscosity shows the client ip as 10.10.x.x as set up for the tunnel and the server IP as the IP of the WAN interface.

In case anyone notices, the otp issue is still unresolved. :-[




After researching and reading other posts I decided to add a new vpn instance using the wizard. For anyone who is a newbie like me, next to the + sign to add a server is a small icon, which I believe is a magic wand. That launches the wizard. The key for me was an openvpn firewall rule. I had no rules; the road warrior doc either doesn't mention it or I missed it. Anyway, the wizard creates a simple openvpn firewall rule and that was enough to make the old (first instance) function. I will post the firewall rule soon, once I vpn into the router.

Now I just need to get the otp working and I will be an even happier IT person...

The new rule that the wizard added that allowed vpn traffic to flow into the lan has the following parameters.

Inbound rule

IPv6+6

any source network

any source port

any Destination network

any Destination port

Gateway default

no schedule

That's it. Just to clarify, I used the wizard to set up a new instance of openvpn which at the end creates the firewall rule needed for the openvpn interface. But I used the credentials from my first install using the road warrior doc ( https://docs.opnsense.org/manual/how-tos/sslvpn_client.html ). All I needed was an openvpn firewall rule. Hope this helps someone else.
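An added example, not part of the original posts and not OPNsense's own code: a small audit that lists the pass rules on the OpenVPN interface and reports which sides of each rule match any address, so the wizard's any-to-any rule can be compared with a narrower one. The XML excerpt is constructed and assumes the `<filter><rule>` layout of a config.xml export; the 10.10.0.0/24 tunnel network and the second rule are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed <filter><rule> layout of a config.xml export.
# Rule 1 mirrors the wizard rule described above (any source, any destination).
# Rule 2 is a hypothetical narrower rule: tunnel network to the LAN only.
SAMPLE_CONFIG = """
<opnsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <descr>OpenVPN wizard rule</descr>
      <source><any>1</any></source>
      <destination><any>1</any></destination>
    </rule>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <descr>VPN clients to LAN</descr>
      <source><address>10.10.0.0/24</address></source>
      <destination><network>lan</network></destination>
    </rule>
  </filter>
</opnsense>
"""

def is_any(endpoint):
    """True when a <source>/<destination> element is missing or holds <any>."""
    return endpoint is None or endpoint.find("any") is not None

def audit_openvpn_rules(config_xml, interface="openvpn"):
    """Return (description, [sides that match any address]) per enabled pass rule."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("interface") != interface or rule.findtext("type") != "pass":
            continue
        if rule.find("disabled") is not None:  # skip rules switched off in the GUI
            continue
        wide = [side for side in ("source", "destination") if is_any(rule.find(side))]
        findings.append((rule.findtext("descr", default=""), wide))
    return findings

if __name__ == "__main__":
    for descr, wide in audit_openvpn_rules(SAMPLE_CONFIG):
        print(f"{descr}: {'any ' + ' and '.join(wide) if wide else 'scoped'}")
```

A rule reported with both sides as any lets every connected VPN client reach every network the firewall routes to, including the management interface of the firewall itself.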