[SOLVED] The problem with routing of OpenVPN

[lkudlacek]

Hello,

I need to create route between two networks and I don`t know how to...

WAN: xyz
LAN: 192.168.10.100

Open VPN server on OPNSense: 192.168.50.1

A client is connected to VPN with IP for example 192.168.50.2 - that works.
And I need the following:

- client in network 192.168.50.0 has to connect to network 192.168.10.0

It is simply but I don`t know... Can I get any advice, please? :-)
Thanks

[chemlud]

Do you have any firewall rules on the openvpn tab?

[lkudlacek]

Tab LAN:
         Proto    Source    Port    Destination    Port    Gateway    Schedule    Description    
        *                   *        *              LAN Address 80
                                                                                          22                  *                                    Anti-Lockout Rule    
      IPv4               *        *                        *                *                  *                          Default allow LAN to any rule    



Tab OPENVPN:

          Proto    Source    Port    Destination    Port    Gateway    Schedule    Description    
      IPv4 *    *    *    *    *    *          

[bartjsmit]

Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?

Do you have 'Redirect Gateway' enabled on the OpenVPN tunnel settings?

Are the network masks for each subnet set to /24 on all devices?

Bart...

[lkudlacek]

Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?

Where can I get this information, please?
EDIT: No...default gateway for hosts in network 192.168.10.0/24 is 192.168.10.31. OPNsense has LAN IP 192.168.10.100

Do you have 'Redirect Gateway' enabled on the OpenVPN tunnel settings?

No...I enabled "redirect gateway" now in VPN -> OpenVPN -> Servers -> 'My settings'

Are the network masks for each subnet set to /24 on all devices?

Yes...192.168.10.0/24 and 192.168.50.0/24, too.

[lkudlacek]

I discovered that afted connect to VPN ping answers on LAN interface:

I get IP 192.168.50.2 (openVPN IP) and ping answers to 192.168.10.1 (The IP on my LAN interface in OPNsense)
But I don`t see more machines in network 192.168.10.0/24..I see only LAN interface on my OPNsense.

Any firewall rule yet?
My routing table on my local machine when "Redirect Gateway" is enabled on OPNsense server.

Destination         Gateway           Genmask           Flags Metrik Ref  Use Iface
default         192.168.50.1      128.0.0.0       UG    0      0        0 tun0
default         192.168.2.1     0.0.0.0         UG    100    0        0 enp2s0
192.168.10.0      192.168.50.1      255.255.255.0   UG    0      0        0 tun0
192.168.50.0      *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       192.168.50.1      128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp2s0
192.168.2.0     *               255.255.255.0   U     100    0        0 enp2s0
xxx.xxx.xxx.xxx  192.168.2.1     255.255.255.255 UGH   0      0        0 enp2s0 (xxx.xxx.xxx.xxx = public IP OPNsense server)


192.168.2.0/24 = my local network at home

[lkudlacek]

My routing table (on my local computer) when "Redirect Gateway" is not enabled on OPNsense server:

Destination         Gateway           Genmask           Flags Metrik Ref  Use Iface
default         192.168.2.1     0.0.0.0         UG    100    0        0 enp2s0
192.168.10.0      192.168.50.1      255.255.255.0   UG    0      0        0 tun0
192.168.50.0      *               255.255.255.0   U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp2s0
192.168.2.0     *               255.255.255.0   U     100    0        0 enp2s0

[lkudlacek]

Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?

No...default gateway for hosts in network 192.168.10.0/24 is 192.168.10.31

OPNsense has LAN IP 192.168.10.100

Routing table on OPNsense server
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            <my public gateway>     UGS        bge0
192.168.10.0         link#2             U          bge1
192.168.10.100               link#2             UHS         lo0
192.168.50.0         192.168.50.1         UGS      ovpns1
192.168.50.1         link#7             UHS         lo0
192.168.50.2         link#7             UH       ovpns1 (OVPN client = my local machine)
127.0.0.1          link#6             UH          lo0
<my public network>/30  link#1             U          bge0
<my public IP>     link#1             UHS         lo0


From this server the ping answers to virtual machines in network 192.168.10.0/24. From this server ping works.
From my local machine (after connecting to openvpn) doesn`t work. (the ping answers only to IP 192.168.10.100 = LAN interface on OPNsense server)

What is it for gateway link#1, link#2 ...what is IP, please?

[lkudlacek]

Wow....It is working now!!

The key question was:
"Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?"

The solution:
If OPNsense is not default gateway for network 192.168.10.0/24 then it is need to create this gateway.
Default gateway for network 192.168.10.0/24 is 192.168.10.31 (in my example).

I created in OPNsense new gateway:

System > Gateways > All ---> Add Gateway
Interface: LAN
Address Family: IPv4
Name: Test
Gateway: 192.168.10.31
........
SAVE

In Interface LAN:
Interfaces > LAN > scroll down to IPv4 Upstream Gateway > choose "Test"
SAVE

Done...

Thanks very much for help "bartjsmit".
+

[Jeromeb]

OMG! Thx i haved the same problem, you save my life dude!