Topic: OpenVPN and access to LAN (Read 10307 times)
BlackDex (Newbie, Posts: 1, Karma: 0)
OpenVPN and access to LAN « on: September 08, 2016, 02:19:11 pm »
Hello there,
I'm trying to set up an OpenVPN server with OPNsense.
While that seems to work (I can connect, etc.), I have trouble reaching the network on the LAN port.
OPNsense is running on qemu/kvm with bridged interfaces. One interface is connected to the public internet (WAN), and the other is connected to the LAN network on the host.
Host: Ubuntu (14.04) with KVM/QEMU
- br0: WAN public internet
- br3: LAN - 172.18.10.10
Guest: OPNsense 16.7.3
- WAN: bridged on br0
- LAN: bridged on br3 - 172.18.10.11
- VPN: 10.220.0.0/27
WAN is working. I can connect to the VPN from the outside world, no problem. If I allow ICMP on the WAN, I can ping the WAN.
During the VPN connection I'm able to ping the static LAN IP on the OPNsense system, which is 172.18.10.11.
If I try to ping 172.18.10.10, which is connected to the hypervisor, I get no response. That is the same for other systems on that same network, 172.18.10.x.
I know that this is because the requests go to the 172.18.10.x network from the VPN network and the host on 172.18.10.10 doesn't know how to return the package.
So, I created a NAT rule for outbound.
This has the following settings:
Interface: LAN
Source: 10.220.0.0/27
NAT Address: interface address
After applying this rule I'm able to ping that host! BUT, when I try to SSH to it, it doesn't work.
What am I doing wrong?
What I want is to have an OpenVPN connection so that I can reach the local LAN from outside.
Thx in advance.
BlackDex.
djGrrr (Full Member, Posts: 112, Karma: 22)
Re: OpenVPN and access to LAN « Reply #1 on: September 10, 2016, 03:28:44 pm »
Do you have a firewall rule allowing traffic from your VPN range on the OpenVPN rules tab?
Zeitkind (Full Member, Posts: 180, Karma: 27)
Re: OpenVPN and access to LAN « Reply #2 on: September 11, 2016, 03:07:23 am »
Does your VPN client know the route to the remote LAN? If it is not set to route all traffic through the VPN, you must push the route via the server and use dev tun.
See https://openvpn.net/index.php/open-source/documentation/howto.html#scope
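The two conditions raised in Reply #2 (`dev tun` and a pushed route to the LAN) can be checked mechanically against a server config. The following is an added example, not part of the original thread or of OPNsense: the sample config is constructed, the tunnel network is the one from the first post, and the LAN prefix 172.18.10.0/24 is an assumption (the thread only gives 172.18.10.x).

```python
import ipaddress
import shlex

# Constructed sample server config. The tunnel network is the one from the
# thread; the LAN prefix 172.18.10.0/24 is an assumption.
SAMPLE_CONF = """
dev tun
server 10.220.0.0 255.255.255.224
push "route 172.18.10.0 255.255.255.0"   # LAN behind the server
"""

def directives(text):
    """Yield each config line as a list of tokens, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens

def audit(text, lan):
    """Return a list of findings; an empty list means all checks pass."""
    lan = ipaddress.ip_network(lan)
    dev, tunnel, pushed, redirect = None, None, [], False
    for tok in directives(text):
        if tok[0] == "dev" and len(tok) > 1:
            dev = tok[1]
        elif tok[0] == "server" and len(tok) > 2:
            tunnel = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "push" and len(tok) > 1:
            opt = tok[1].split()
            if opt[:1] == ["redirect-gateway"]:
                redirect = True            # all client traffic enters the tunnel
            elif opt[:1] == ["route"] and len(opt) > 1:
                # OpenVPN treats a route without a netmask as a host route
                mask = opt[2] if len(opt) > 2 else "255.255.255.255"
                try:
                    pushed.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
                except ValueError:
                    pass                   # hostname or keyword, not checked here
    findings = []
    if dev is None or not dev.startswith("tun"):
        findings.append(f"dev is {dev!r}; routed setup expects dev tun")
    if not redirect and not any(lan.subnet_of(net) for net in pushed):
        findings.append(f"no pushed route covers {lan}")
    if tunnel is not None and tunnel.overlaps(lan):
        findings.append(f"tunnel network {tunnel} overlaps LAN {lan}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "172.18.10.0/24") or "ok")
```

This only covers the client-to-LAN direction; the return path from LAN hosts to 10.220.0.0/27 (the outbound NAT rule in the first post) and the firewall rule asked about in Reply #1 are separate checks.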